I am trying to configure my web server so when user brian attempts to connect to https://myhost/brian/ it authenticates him via his certificate and it allows him to view the directory. I successfully compiled apache + modssl with a test certificate signed by Snake Oil. So, here goes on the questions.
Do I need to create my own Certificate Authority? If I create my own CA, how do I get Netscape to use it as a CA? I am using Netscape 4.7 on Solaris. If I create my own CA, does my Apache/modssl server perform that function? Do I need to create a certificate for Brian? Does it have to be signed by the CA?

Here are the answers I came up with so far. It looks like I need to create a CA and that I can run it on my modssl alongside the server.crt. Here is how I created the CA:

    $ openssl genrsa -des3 -out ca.key 1024

I created a self-signed CA certificate.

    $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

So this created my certificate authority certificate. I created a server.key. The CN for the server.key is the FQDN of my modssl web server.

    $ openssl genrsa -des3 -out server.key 1024

I created a request (server.csr) using that server key.

    $ openssl req -new -key server.key -out server.csr

Then I signed the server key with the command:

    $ ./sign.sh server.csr

which produced a server.crt file. So, it looks like I have a CA and the server certificate. I created a key for myself, which I signed using the CA.

    $ openssl genrsa -des3 -out brian.key 1024
    $ openssl req -new -key brian.key -out brian.csr
    $ sign.sh brian.csr

Then I end up with the following files.

    brian.crt   ca.crt        ca.db.serial  server.crt
    brian.csr   ca.db.certs/  ca.key        server.csr
    brian.key   ca.db.index   file.p12      server.key

I can't seem to import my key (brian.crt) into my Netscape browser though. Is there some other format I need to import it into?

brian

--
Brian Lavender
http://www.brie.com/brian/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
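
The CA-to-client-certificate flow described in the message above, as an added example that is not part of the original post: it signs a request for CN=brian, checks the chain, and bundles key and certificate as PKCS#12, the format browsers use to import a client certificate together with its private key. Assumptions: `openssl x509 -req` stands in for `sign.sh`, keys are 2048-bit and unencrypted for the demonstration, and all subject names and the passphrase are constructed.

```shell
#!/bin/sh
# Added example; subjects, passphrase and paths are constructed, not from the post.
set -eu
umask 077   # key files are written without a passphrase here, so keep them private

# Create a CA, issue a client certificate for CN=brian, bundle it as PKCS#12.
# $1 = working directory, $2 = export passphrase protecting the .p12
make_client_p12() {
    dir=$1; pass=$2
    # CA key plus self-signed CA certificate (the post used 1024-bit keys and -des3).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example Test CA/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Client key and certificate request.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=brian" \
        -keyout "$dir/brian.key" -out "$dir/brian.csr" 2>/dev/null
    # Sign the request with the CA key (stand-in for sign.sh).
    openssl x509 -req -in "$dir/brian.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -out "$dir/brian.crt" 2>/dev/null
    # A bare .crt has no private key; the browser needs key + cert in one bundle.
    openssl pkcs12 -export -in "$dir/brian.crt" -inkey "$dir/brian.key" \
        -certfile "$dir/ca.crt" -name "brian" \
        -passout "pass:$pass" -out "$dir/brian.p12"
}

# Print "ok" if the client certificate chains to the CA certificate.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/brian.crt" >/dev/null 2>&1 && echo ok
}

# Print the subject of the client certificate stored inside the bundle.
p12_subject() {
    openssl pkcs12 -in "$1/brian.p12" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -subject
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_client_p12 "$work" "constructed-passphrase"
echo "chain: $(verify_chain "$work")"
p12_subject "$work" "constructed-passphrase"
```

Only `ca.crt` has to be distributed to the server and the browser as the trusted CA; `ca.key` stays with whoever signs certificates.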
