Hi Amol,
> I need to do something similar like Norbert has done (detailed below), i.e.
> request & authenticate a client certificate for a specific subtree of the
> web server (for eg. the Payment Page of a site ).
> Could somebody clarify these doubts :
> 1. Is this implemented as part of the server configuration or is it part of
> the HTML page that needs the client authentication.
Server config, possibly combined with a ".htaccess" like file.
> 2. How can I have the same web server talk different protocols : HTTP, HTTPS
> with only server authentication and HTTPS with client authentication for
> different parts of my web site ?
Check the manual on client authentication and rewrite rules. Have not
experimented with that yet, but it should work judging by earlier list
contributions. You can very easily config certain directory(trees) to be
ssl only or to be ssl+client auth only. Add the rewrite rules there (or
make sure people can only come there by following https links from the
original page, I don't know how well you can control the navigation process
of the client) should do the trick.
> 3. Where and how is the Logic to read certificates presented by the client
> placed, and how can I give access depending on the CA who issued a
> certificate ?
the manual describes this pretty clear. Just have a peek at the howto
pages. You can configure which CAs you trust and you can configure with
SSLRequire which specific certificates you admit. Basically, take an hour
to read and understand the howto pages.
Jan
--
alive ~ true
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
