my actual problem is something like this.
I have a http server for my intranet. And I have 4 users as of now.
with the present certificate, only one user can get through and i want to be able to issue
different certificates to each individual user. Now, I wish to know these things:
1. how will i generate certificate-bundle?
2. How can I make sure that a particular certificate goes to a
particular user only? Is there anything like binding a certificate to a
particular host or IP address or a particular mail id ? <<I get
this doubt because after i made the certificate, i tried to contact
my server from different hosts and I get the same certificate.......>>
3. Can i automate the process of issuing certificates? << i.e.,
if any IP address database can be made where i can specify the hosts
who can have certificates issued to them....and the first time the particular
host contacts the server, server will automatically generate the certificate
for the client by asking him for all the details>>
regards
murali krishna vemuri
Owen Boyle wrote:
"Murali K. Vemuri" wrote:
>
> hi,
> i could make a certificate in the way given by you.
> i copied the .crt and .key files into /etc/httpd/conf/ssl.crt/server.crt and
> ../ssl.key/server.key respectively and then restarted the httpd.
> after that i set the multi.crt ( i created like this instead of your suggested
> kiwi.crt) and multi.key
> paths in the httpd conf file in the /etc/httpd/conf/httpd.conf file .
> i am attaching the relevant portions of the httpd.conf file here.
> now, to test whether my certificate works or not, i typed
> openssl -x509 -noout -text -in multi.crt
> i observe that the certificate is same as was generted by me.
> but, when i open netscape and type https://yogi (it is my host name), i get the
> same old certificate
> which is "snake oil ' etc.........
> can some one tell me how i can get rid of that "snake oil" certificate for ever ?Double-double-check the path leads to the correct file, i.e. do:
openssl -x509 -noout -text -in /etc/httpd/conf/ssl.crt/multi.crt
If this is correct then the problem must be caching in the browser.
Click on the security icon and delete any certificates you have already
accepted.> is there any documentation available out there?
http://www.modssl.org/ and click on "Documents"...
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
-- with thanks for your time, Murali Krishna Vemuri
off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560095 tel: 080 5534471 xtn: 214 res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037.
