Trying to set up a two way SSL connection between two production servers. A client machine will connect to a Laravel route with a certificate and pass an xml payload. There should be a two way ssl handshake between the apache server on the production machine and the client machine.
I'm using this apache Directory setting on the production machine:
<Directory /var/www/vhosts/subdomain/html/routename>
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_O} eq "company name"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
</Directory>
I've set the following in .htaccess
<IfModule mod_rewrite.c>
<IfModule mod_rewrite.c>
SSLOptions +StdEnvVars
SSLOptions +ExportCertData
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
The Laravel route is still accepting connections from machines that are not using certificates at all or with certs meeting the SSL_CLIENT_S_DN_O requirement. Seems the mod_rewrite is taking precedence over the Directory ssl requirement. Thank you in advance for aAny basic advice. Any ideas much appreciated.
