Thanks. You can find the work in progress at:
http://diary.unixathome.org/openssl-client-authentication.php
Eventually the document will be moved to the public site at
http://freebsddiary.org/.
The areas I have doubts about are: "Create the secure area of your
website", specifically: SSLCipherSuite. I'm not sure that's required yet.
I'm also about to change the first picture provided under "Import the
certificate": http://diary.unixathome.org/showpicture.php?id=26
On 10 Jul 2001, at 8:49, [EMAIL PROTECTED] wrote:
> This is an S/MIME signed message.
>
> ---------z41025_boundary_sign
> Content-Type: multipart/alternative; boundary="=_alternative
> 00255912C1256A85_="
>
> This is a multipart message in MIME format.
> --=_alternative 00255912C1256A85_=
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Yes,
>
> I can review your "How-To" !
>
> Sylvain
>
> ---------------------------------------------------------------------------
> = ----------------------------- Sylvain Maret Senior Security Engineer -
> Strategic Director e-Xpert Solutions SA Route de Pr=E9-Marais 29 1233
> Bernex / Geneva Switzerland
>
> Tel: +41 22 727 05 55
> Fax: +41 22 727 05 50
> Mail: [EMAIL PROTECTED]
>
>
>
>
> "Dan Langille" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 09.07.2001 15:35
> Please respond to modssl-users
>
> =20
> To: [EMAIL PROTECTED]
> cc:=20
> Subject: Client authentication - reviewers wanted
>
>
> I've just finished writing a how-to for setting up client authentication=20
> using self-signed certficates. It includes details of creating the=20
> certificate authority, signing the certificate, web server
> configuration,=20 and=20 installing the certificate in a browser. In this
> instance, I'm using=20 Apache, OpenSSL, and MSIE.
>
> I'm looking for people to review the article from a techincal point of=20
> view=20 (I'm more concerned with technical errors at this point rather
> than=20 spelling mistakes). Once the review recommendations are
> completed,=20 the article will be publicly available. To that end, I'd
> prefer to=20 provide the=20 URL only to people who are knowledgable in this
> area. Please contact=20 me for the URL.
>
> Thanks.
>
> --=20
> Dan Langille
> pgpkey - finger [EMAIL PROTECTED] | http://unixathome.org/finger.php
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> =
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> = =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F Apache
> Interface to OpenSSL (mod=5Fssl) www.modssl.org User
> Support Mailing List [EMAIL PROTECTED] Automated
> List Manager [EMAIL PROTECTED]
>
>
>
> --=_alternative 00255912C1256A85_=
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
> <br><font size=3D2 face=3D"sans-serif">Yes,</font>
> <br>
> <br><font size=3D2 face=3D"sans-serif">I can review your
> "How-To"=
> !</font>
> <br>
> <br><font size=3D2 face=3D"sans-serif">Sylvain<br>
> <br>
> ---------------------------------------------------------------------------
> = -----------------------------<br> Sylvain Maret<br> Senior Security
> Engineer - Strategic Director<br> e-Xpert Solutions SA<br> Route de
> Pr=E9-Marais 29<br> 1233 Bernex / Geneva<br> Switzerland<br> <br> Tel: +41
> 22 727 05 55<br> Fax: +41 22 727 05 50<br> Mail:
> [EMAIL PROTECTED]</font> <br> <br> <br> <table width=3D100%> <tr
> valign=3Dtop> <td> <td><font size=3D1 face=3D"sans-serif"><b>"Dan
> Langille" <dan@= langille.org></b></font> <br><font size=3D1
> face=3D"sans-serif">Sent by: [EMAIL PROTECTED]= rg</font>
> <p><font size=3D1 face=3D"sans-serif">09.07.2001 15:35</font> <br><font
> size=3D1 face=3D"sans-serif">Please respond to modssl-users</font> <br>
> <td><font size=3D1 face=3D"Arial"> </font>
> <br><font size=3D1 face=3D"sans-serif"> To:
> &nbs= p; [EMAIL PROTECTED]</font> <br><font
> size=3D1 face=3D"sans-serif"> cc: &nbs= p;
> </font> <br><font size=3D1 face=3D"sans-serif">
> Subject:=
> Client authentication - reviewers
> wanted</font>=
> </table>
> <br>
> <br>
> <br><font size=3D2 face=3D"Courier New">I've just finished writing a
> how-to=
> for setting up client authentication <br>
> using self-signed certficates. It includes details of creating the
> <b= r> certificate authority, signing the certificate, web server
> configuration, a= nd <br> installing the certificate in a browser. In
> this instance, I'm using = <br> Apache, OpenSSL, and MSIE.<br> <br> I'm
> looking for people to review the article from a techincal point of view=
> <br>
> (I'm more concerned with technical errors at this point rather than <br>
> spelling mistakes). Once the review recommendations are completed,
> <b= r> the article will be publicly available. To that end, I'd
> prefer to pr= ovide the <br> URL only to people who are knowledgable in
> this area. Please contact = <br> me for the URL.<br> <br> Thanks.<br>
> <br> -- <br> Dan Langille<br> pgpkey - finger [EMAIL PROTECTED] |
> http://unixathome.org/finger.php<br>
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> =
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> = =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F<br> Apache
> Interface to OpenSSL (mod=5Fssl) =
> www.modssl.org<br> User Support Mailing List
> =
> [EMAIL PROTECTED]<br> Automated List Manager
> &nb= sp;
> [EMAIL PROTECTED]<br> </font> <br> <br> --=_alternative
> 00255912C1256A85_=--
>
> ---------z41025_boundary_sign
> Content-Type: application/x-pkcs7-signature; name="smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7s"
> Content-Description: S/MIME Cryptographic Signature
>
> MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAA
> oIAwggK3MIICIKADAgECAgMEo4wwDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYT
> AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEP
> MA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo
> MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMTA0
> MTkxMzA0NDFaFw0wMjA0MTkxMzA0NDFaMG0xDjAMBgNVBAQTBU1hcmV0MRAwDgYD
> VQQqEwdTeWx2YWluMRYwFAYDVQQDEw1TeWx2YWluIE1hcmV0MTEwLwYJKoZIhvcN
> AQkBFiJzeWx2YWluLm1hcmV0QGUteHBlcnRzb2x1dGlvbnMuY29tMIGfMA0GCSqG
> SIb3DQEBAQUAA4GNADCBiQKBgQDj2WwpTna6nv6rBdb1Hh0zlObDYcbpsd6Nwsaz
> oPQjrs6Nl3Ecy43qHKjQOLiHI8yDPbn5iKWW2/+rsNCEGmofNskkxpnNvuwV1/Ug
> a4PygUhk3T8z5s+VpP5GoWpAECfM21+G5YKEL44xIhyW+sVvTwTu/tAL2dhqVhJN
> qz1CuQIDAQABoz8wPTAtBgNVHREEJjAkgSJzeWx2YWluLm1hcmV0QGUteHBlcnRz
> b2x1dGlvbnMuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAm4S5
> OK2Hqjc3Bl6gRL9KyaA4u7+L0z6I5thB3Sf5uwx1TMjVsjIUdpfY/U+CnTT/ZqRd
> PHC2KX2i22OncXd5OJkNQJq+Zuj/XvvAm08rLTuwkbT5N6d686RoMfF1Z/qboCWz
> 5+NcHF8JIlvrl5MBAaJJ+IqgkQ8KlqfqqPjfUI4wggMpMIICkqADAgECAgEMMA0G
> CSqGSIb3DQEBBAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD
> YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0
> aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQw
> IgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0B
> CQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDAwODMwMDAwMDAw
> WhcNMDIwODI5MjM1OTU5WjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rl
> cm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAb
> BgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBG
> cmVlbWFpbCBSU0EgMjAwMC44LjMwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
> gQDeMzKmY8cJJUU+0m54J2eBxdqIGYKXDuNEKYpjNSptcDz63K737nRvMLwzkH/5
> NHGgo22Y8cNPomXbDfpL8dbdYaX5hc1VmjUanZJ1qCeu2HL5ugL217CR3hzpq+AY
> A6h8Q0JQUYeDPPA5tJtUihOH/7ObnUlmAC0JieyUa+mhaQIDAQABo04wTDApBgNV
> HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMS0yOTcwEgYDVR0TAQH/
> BAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQADgYEAcxtvJmWL
> /xU0S1liiu1EvknH6A27j7kNaiYqYoQfuIdjdBxtt88aU5FL4c3mONntUPQ6bDSS
> rOaSnG7BIwHCCafvS65y3QZn9VBvLli4tgvBUFe17BzX7xe21Yibt6KIGu05Wzl9
> NPy2lhglTWr0ncXDkS+plrgFPFL83eliA0gwggMtMIIClqADAgECAgEAMA0GCSqG
> SIb3DQEBBAUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBl
> MRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5n
> MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYD
> VQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEW
> HHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNOTYwMTAxMDAwMDAwWhcN
> MjAxMjMxMjM1OTU5WjCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g
> Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3Vs
> dGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEk
> MCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcN
> AQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEB
> AQUAA4GNADCBiQKBgQDUadfUsJRkW3HpR9gMUbbqcpGwhF59LQ2PexLfhSV1KHQ6
> QixjJ5+Ve0vvfhmHHYbqo925zpZkGsIUbkSsfOaP6E0PcR9AOKYAo4d49vmUhl6t
> 6sBeduvZFKNdbnp8DKVLVX8GGSl/npom1Wq7OCQIapjHsdqjmJH9edvlWsQcuQID
> AQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAMfskn5O
> +PWWpWdiKqTwTRFg0G+NYFhhrCa7UjVcCM8w+6hKloofYkIjjBcP9LpknBesRynf
> nZhe0mxgcVyirNx54+duAEcftQ0o6AKd5Jr9E/Sm2Xyx+NxfIyYJkYBz0BQb3kOp
> gyXy5pwvFcr+pquKB3WLDN1RhGvk+NHOd6KBAAAxgDCCAesCAQEwgZowgZIxCzAJ
> BgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
> VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2
> aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAID
> BKOMMAkGBSsOAwIaBQCggaswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
> hkiG9w0BCQUxDxcNMDEwNzEwMDY0NzU2WjAjBgkqhkiG9w0BCQQxFgQUl+nvye0N
> mhJlvUGMCgEpQRu8FaswTAYJKoZIhvcNAQkPMT8wPTAHBgUrDgMCHTAOBggqhkiG
> 9w0DAgICAIAwCgYIKoZIhvcNAwcwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJ
> KoZIhvcNAQEBBQAEgYAyNyNo1HQLglasq3+fZL7WKuxiL4k0c7bQPe/6QD9/p1tb
> wd/v5kMqxAWpY8UfDFKSPHfLiH+078TP1r7teGH2gT/PX1IZ4ztZE3Cu37+6TA3Y
> 4+DS/dTRKNDsfZrFIOpduTad5XCUSnd8wtA4mH3/FpSGUK0i86aAVC6ztRHM3QAA
> AAAAAAAA
>
> ---------z41025_boundary_sign--
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org User
> Support Mailing List [EMAIL PROTECTED] Automated
> List Manager [EMAIL PROTECTED]
>
--
Dan Langille
pgpkey - finger [EMAIL PROTECTED] | http://unixathome.org/finger.php
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
