Matt Stevenson
Tue, 23 Sep 2008 11:37:11 -0700
Hi,
Basically...
SSLCACertificateFile SelfSignedCA Root Cert (public part)
SSLVerifyClient require or optional
SSLVerifyDepth 1 (default)
and have the setup from the Thawte cert as per normal for the server cert.
Regards
Matt
----- Original Message ----
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Tuesday, September 23, 2008 1:39:16 PM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Ok. This seems like a viable solution.
I.e.
I use an approved CA-signed cert to verify the site authenticity, and I use a
self-signed CA root for client certificates.
Can you point me in the direction of how I make this work in Apache?
I already have a setup with a self-signed CA working for client certificates.
Created SelfSignedCA
|-->Create and Sign Apache Cert from SelfSigned CA
|-->Create and Sign Client Cert from SelfSigned CA
How do I incorporate this with a CA (Thawte) signed webserver certificate?
Best regards
Wizkidnono
Original Message -----------------------
Sounds like you're trying to use the Thawte Apache cert to sign your client
certs? The Thawte cert won't have the right attributes to sign a client cert
and then try to use it.
You could use your CA for client certs and Thawte for the server cert.
Regards
Matt
----- Original Message ----
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up Apache with mod_ssl, and I have it working with a
self-signed CA.
But I cannot get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a "third"
party where one does not have access to their root CA key?
I.e.
I have generated an apache_server.key, made an apache_server.csr and sent
this for signing by thawte.com
Received an apache_server.crt
Created a client.key and a client.csr
Signed it with my apache_server.key and apache_server.crt
Converted the client.key,crt to a pkcs12 file and imported this into my
browser but I cannot make things work.
SSL works fine on the server on pages that do not require SSL client auth.
As I stated earlier, it works when I create and self-sign a CA, but I can't
make it work when I use a 3rd party CA and only have apache_server.key,
apache_server.crt, Thawte root cert.
Best regards
Wizkidnono
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
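
The two setups discussed in this thread, reproduced with throwaway keys as an added example (not posted by anyone in the thread). `pubca` is a constructed stand-in for the commercial CA, every name and file is made up, and the script assumes the purchased server certificate is an end-entity certificate (CA:FALSE).

```shell
#!/bin/sh
# Constructed demo PKI: every name, subject and file below is made up.
# "pubca" stands in for the commercial CA; no real CA material is involved.
work=$(mktemp -d) && cd "$work" || exit 1
trap 'rm -rf "$work"' EXIT

cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
# assumption: a purchased server cert is end-entity (CA:FALSE)
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
EOF

# new_root NAME CN: self-signed root certificate with CA:TRUE
new_root() {
  openssl req -x509 -config pki.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" -days 2 2>/dev/null
}
# issue NAME CN ISSUER EXT: new key and CSR for NAME, signed with ISSUER's key
issue() {
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$4" -days 2 -out "$1.crt" 2>/dev/null
}
# chain_ok ROOT CERT [INTERMEDIATE]: exit status 0 only if CERT chains to ROOT
chain_ok() {
  openssl verify -CAfile "$1.crt" ${3:+-untrusted "$3.crt"} "$2.crt" >/dev/null 2>&1
}

new_root pubca "Stand-in public CA"
issue server www.example.test pubca server_ext
new_root ownca "Own client CA"
issue client_a "client signed by server cert" server client_ext  # the failing attempt
issue client_b "client signed by own CA" ownca client_ext        # the suggested setup

chain_ok pubca server && echo "server cert -> public CA: accepted"
chain_ok pubca client_a server || echo "client_a via server cert: rejected, issuer is not a CA"
chain_ok ownca client_b && echo "client_b -> own CA: accepted"
```

In Apache terms, `ownca.crt` plays the file that SSLCACertificateFile points at, while the server certificate and key stay the ones issued by the commercial CA.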