On Fri, Mar 16, 2001 at 03:10:48PM -0300, Aldo Kogima Pompeo wrote:
> Hi,
>
> I'm trying to use SSLClient, but i don't know how many days i'll spend to do it.
>
> I modify my httpd.conf like above:
> ## My httpd.conf
> SSLVerifyClient require
> SSLVerifyDepth 10
>
>
> And it works, but i need to add some client's cert, and i search at openssl site and
>i didn\'t found any thing..
>
> How can I do it work???
not sure what you mean by "need to add client's cert"...
Just for clarification: you don't add client certificates on the server
side (if that's what you mean), but rather have your users install
their certificates in their browsers. The server just has to accept the
CA that issued the client certificate, that's all.
If you need to do user authentication you might want to try mod_ssl's
ability to mimic HTTP basic authentication with client certificates
(using the "Subject Distinguished Name" (DN) of the cert).
See the mod_ssl option:
SSLOptions FakeBasicAuth
in the docs. Of course, you can also roll your own authentication
scheme by accessing the SSL-related env variables (see also "SSLRequire"
for that).
Erdmut
--
Erdmut Pfeifer
science+computing ag
-- Bugs come in through open windows. Keep Windows shut! --
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
