I'm running apache
1.3.19 + mod_ssl-2.8.3 + openssl-0.9.6a on a solaris 8
box....
I've used CA.pl to
make / generate / self sign my certs.
Everything works
correctly, I want to do Client based Auth so I generated a .p12 file for the
client browsers.
$ openssl pkcs12 -export -in server.crt
-inkey server.key -out 4browser.p12
I can import the
.p12 file with no problems when running ie 4 / 5 / 5.5
But when running IE
6 I am getting a dns error ( which I know is not the case )
I've been attempting
to figure this whole process out by reading various articles over the past few
days so I am not 100% sure if my methodology is correct.
Any insight would be
greatly appreciated.
Thanks
Snippet from
httpd.conf :
## SSL Virtual Host
Context
##
##
<VirtualHost
_default_:443>
DocumentRoot "/home/httpd/html"
ServerName blah.blah.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
DocumentRoot "/home/httpd/html"
ServerName blah.blah.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine
on
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile
/usr/local/apache/conf/CA/server.crt
#SSLCertificateFile /usr/local/apache/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /usr/local/apache/conf/CA/server.key
#SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server-dsa.key
#SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
#SSLCertificateFile /usr/local/apache/conf/ssl.crt/server-dsa.crt
SSLCertificateKeyFile /usr/local/apache/conf/CA/server.key
#SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server-dsa.key
#SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLVerifyClient
none
#SSLVerifyDepth 10
#SSLVerifyDepth 10
SSLCACertificatePath
/usr/local/apache/conf/CA/demoCA
SSLCACertificateFile /usr/local/apache/conf/CA/demoCA/cacert.pem
#SSLCARevocationPath /usr/local/apache/conf/ssl.crl
#SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle.crl
SSLCACertificateFile /usr/local/apache/conf/CA/demoCA/cacert.pem
#SSLCARevocationPath /usr/local/apache/conf/ssl.crl
#SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle.crl
<Location
/stuff>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
-----------------------------------------------------------
Jon Edmunds, Los Angeles, CA
http://www.redlite.org | http://www.mindtrick.org
-----------------------------------------------------------
Jon Edmunds, Los Angeles, CA
http://www.redlite.org | http://www.mindtrick.org
-----------------------------------------------------------
