There is a file included in mod_ssl.../pkg.contrib called cca.sh. I was
able to generate a CA, Server Certificate, and Client Certificates using
this. I had to make the following changes:
1. Set days for CA certificate to 5 years
2. Removed nscerttype=ssICA
3. Removed nscerttype=client
By doing this I was able to
1. Generate CA by typing ./cca.sh init
   convert ca.crt from pem format to der format and copy to apache html
   document tree.
2. Generate Server Certificate ./cca gen
   update httpd.conf and copy user-01.key and user-01.crt to proper
   location
3. Generate Client Certificates
   distribute user-##.p12 to users
I don't know if this was the correct approach but it worked for me.
Arend van der Veen
-----Original Message-----
From: Geoff Nordli <[EMAIL PROTECTED]>
To: Modssl-Users (E-mail) <[EMAIL PROTECTED]>
Date: Monday, July 26, 1999 11:41 PM
Subject: creating client certificates
>I am extremely happy now.
>
>I have successfully implemented Apache 1.3.6 + SSL 0.9.3a.
>
>I have user controlled access with passwords.
>
>It has only taken about 1.5 weeks.
>
>The last step is to create client certificates.
>
>I only have about 20 people accessing the site.
>
>I want to restrict access to only people with valid certificates.
>
>I know you have to edit the http.conf file and add
>
>SSLVerifyClient require
>SSLVerifyDepth 1
>SSLCACertificateFile conf/ssl.crt/ca.crt
>
>I guess the question is how do I create and manage the different
>certificates? How is it associated with the ca.crt file?
>
>As always, any help is appreciated.
>
>geoff nordli
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
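The link between a client certificate and ca.crt that the thread asks about, shown as an added example (this is not cca.sh and not code from either poster): the CA's private key signs each client certificate, and the server accepts only certificates whose signature chains to a CA in SSLCACertificateFile. It assumes the openssl command-line tool is on PATH; user-01 follows the naming used in the thread, while user-99, the "other" CA, the subjects and the password are constructed.

```shell
#!/bin/sh
# Added example. Every name, subject and password below is constructed.
set -eu
WORK=$(mktemp -d)

make_ca() {       # $1 = file prefix, $2 = CN; self-signed, valid 5 years
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_client() {  # $1 = CA prefix, $2 = user prefix, $3 = serial number
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Org/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    # The CA's private key signs the request; this signature is the link
    # that the server later checks against ca.crt.
    openssl x509 -req -sha256 -days 365 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -set_serial "$3" \
        -out "$WORK/$2.crt" 2>/dev/null
}

make_p12() {      # $1 = CA prefix, $2 = user prefix; bundle for the browser
    openssl pkcs12 -export -name "$2" -passout pass:example-only \
        -in "$WORK/$2.crt" -inkey "$WORK/$2.key" \
        -certfile "$WORK/$1.crt" -out "$WORK/$2.p12"
}

trusted_by() {    # $1 = CA prefix, $2 = user prefix; prints yes or no
    if openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" 2>&1 |
        grep -q ': OK$'; then echo yes; else echo no; fi
}

make_ca ca "Example Site CA"
make_ca other "Unrelated CA"
issue_client ca user-01 1
issue_client other user-99 1
make_p12 ca user-01
# DER copy of the CA certificate, for publishing in the document tree
openssl x509 -in "$WORK/ca.crt" -outform DER -out "$WORK/ca.der"

echo "user-01 accepted by ca.crt: $(trusted_by ca user-01)"
echo "user-99 accepted by ca.crt: $(trusted_by ca user-99)"
```

The private keys are written unencrypted here only because the files are throwaway; a real CA key should be passphrase-protected and kept off the web server.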