Sounds like your trying to use the thawte apache cert to sign your client certs? The thawte cert won't have the right attributes to sign a client cert and then try to use it.
You could use your CA for client certs and Thawte for the server cert. Regards Matt ----- Original Message ---- From: Jan Stian Gabrielli <[EMAIL PROTECTED]> To: modssl-users@modssl.org Sent: Monday, September 22, 2008 7:54:37 PM Subject: Can i use CA signed cert to create client authentication certificates ? I am trying to set up apache with mod_ssl , and I have it working with a Self Signed CA. But i can not get it to work with a cert created by thawte.com. Does anyone know if it is possible to do this with a crt signed by a "third" party where one does not have access to their root ca key ?. Ie. I have generated a : apache_server.key made a apache_server.csr and sent this for signing by thawte.com Recived a apache_server.crt Created a client.key and a client.csr Signed it with my apache_server.key and apache_server.crt Converted the client.key,crt to a pkcs12 file and imported this into my browser but i can not make things work. SSL works fine on the server on pages that does not require SSL client auth. A I stated earlier, IT works when I create and self sign a CA, but I cant make it work when I use a 3rd party CA and only have apache_server.key, apache_server.crt , thawte root cert. Best regards Wizkidnono –œ…â'µêßiÇ ê^�$‹š‡l²\0Âj²Éh®,z´®¦š+´Æ¢–)à.+-š‡l²[¬z»&¡Û,–Šàëh™«^t¸¬´Æ§j«™¨èÚ&¢j²Éh® ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
