Client Certificate 2-factor auth problem with loopback in site-health.php
-
Hello
I secured access to the login page of one of my sites with a client certificate using this apache2 configuration:
<Location /wp-login.php> SSLOptions +StdEnvVars SSLVerifyClient require </Location>
I can access the login page and login using the client certificate. Great!
But, when I check the website status page (site-health.php), I get this critical warning:
Deine Website konnte eine Loopback-Anfrage nicht abschließen Fehler: cURL error 56: NSS: client certificate not found (nickname not specified) (http_request_failed) I tried to figure out what is going on using the Firefox developer tools, but I do not see where the failed request comes from. I suspect it is internal only. In the webserver logs I see three requests which come in through the internal (ipv6) ip address of the server. Maybe this causes the cURL error: [01/Jan/2021:15:59:35 +0100] "GET /wp-json/wp/v2/types/post?context=edit HTTP/1.1" 200 871 "https://www.sternwarten.ch/wp-json/wp/v2/types/post?context=edit" "WordPress/5.6; https://www.sternwarten.ch" [01/Jan/2021:15:59:38 +0100] "GET /wp-admin/ HTTP/1.1" 302 - "https://www.sternwarten.ch/wp-admin/" "WordPress/5.6; https://www.sternwarten.ch" [01/Jan/2021:15:59:38 +0100] "GET /wp-login.php?redirect_to=https%3A%2F%2Fwww.sternwarten.ch%2Fwp-admin%2F&reauth=1 HTTP/1.1" 403 214 "https://www.sternwarten.ch/wp-login.php?redirect_to=https%3A%2F%2Fwww.sternwarten.ch%2Fwp-admin%2F&reauth=1" "WordPress/5.6; https://www.sternwarten.ch"
The last one apparently gets 403 because it does not provide the client certificate. This makes sense, but how can I configure apache2 to not request client certificate when the originator is the webserver itself? Or is this a bug of wordpress?
Best,
PeterThe page I need help with: [log in to see the link]
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Client Certificate 2-factor auth problem with loopback in site-health.php’ is closed to new replies.