I recently tested GlobalID Certification on my Windows NT Box to see how it
could be used for our internal web server.

My Configuration:
-    Apache 1.3.6
-    mod_ssl 2.3.4
-    OpenSSL 0.9.3a

If you want to test it, just follow my way...

1. You have to create a standard X509v3 CA certificate with GID extension
2. You have to create a server certificate with the extKeyUsage field
3. You have to sign the server certificate with the CA certificate
4. You have to import the CA certificate into the client's browser

In detail:

o Create CA and Server certificate

    Create your CA certificate as usual, but this time you should
    incorporate the GlobalID extension for `Netscape SGC'
    (2.16.840.1.113730.4.1) and `Microsoft SGC' (1.3.6.1.4.1.311.10.3.3).
    I use a modified openssl.cnf file where I integrated these OIDs for
    CA certificate generation.
    Next you have to generate a server certificate, signed by our Test CA
    for Global IDs. This must have the OIDs for SGC set, too.


o Import the CA certificate into the browser

    The fastest way is to make your CA certificate available at your server.
    Open the location where the CA certificate is installed
    (e.g. http://localhost/certs/ca.crt). Your browser will inform you that
    you are installing a new certificate. Follow the required steps.

o Test it

    Connect to your secure site with the new server certificate installed
    (e.g. https://localhost/). Your browser should connect seamlessly and
    switch to 128bit.

Need more information? Mail me at [EMAIL PROTECTED]!

More information and a step-by-step guide will be available soon at the
OpenSA Project Web Site under http://www.opensa.de/

Daniel
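
Steps 1 to 3 of the message above, as an added example that is not the author's own openssl.cnf or commands. It assumes a current OpenSSL command line rather than 0.9.3a; the section names, file names and subject names are made up, and putting the two SGC OIDs into extendedKeyUsage on the CA certificate as well as the server certificate is an assumption about what "GID extension" means here.

```shell
# Added example. Section names, file names and subjects are made up.
make_sgc_certs() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Assumption: the SGC OIDs from the post go into extendedKeyUsage
    # on both the CA and the server certificate.
    cat > "$dir/sgc.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ sgc_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = keyCertSign, cRLSign
extendedKeyUsage = serverAuth, 2.16.840.1.113730.4.1, 1.3.6.1.4.1.311.10.3.3
[ sgc_server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, 2.16.840.1.113730.4.1, 1.3.6.1.4.1.311.10.3.3
EOF
    # Step 1: self-signed X509v3 test CA carrying the SGC OIDs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/sgc.cnf" -extensions sgc_ca -subj "/CN=Test SGC CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Step 2: server key and certificate request.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/sgc.cnf" -subj "/CN=localhost" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Step 3: sign the request with the CA, adding the extKeyUsage field.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/sgc.cnf" -extensions sgc_server \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# Succeeds only if the certificate's text dump names both SGC usages.
has_sgc_eku() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    echo "$text" | grep -q 'Netscape Server Gated Crypto' &&
        echo "$text" | grep -q 'Microsoft Server Gated Crypto'
}
```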


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
