Ok. This seems like a viable solution. I.e. I use an approved CA-signed cert to verify the site authenticity, and I use a self-signed CA root for client certificates.

Can you point me in a direction of how I make this work in Apache? I already have a setup with a self-signed CA working for client certificates.

Created SelfSignedCA
 |--> Create and Sign Apache Cert from SelfSigned CA
 |--> Create and Sign Client Cert from SelfSigned CA

How do I incorporate this with a CA (thawte) signed webserver certificate?

Best regards
Wizkidnono

Original Message -----------------------

Sounds like you're trying to use the thawte apache cert to sign your client certs? The thawte cert won't have the right attributes to sign a client cert and then try to use it. You could use your CA for client certs and Thawte for the server cert.

Regards
Matt

----- Original Message ----
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?

I am trying to set up Apache with mod_ssl, and I have it working with a self-signed CA. But I can not get it to work with a cert created by thawte.com.

Does anyone know if it is possible to do this with a crt signed by a "third" party where one does not have access to their root CA key?

I.e. I have:
Generated an apache_server.key
Made an apache_server.csr and sent this for signing by thawte.com
Received an apache_server.crt
Created a client.key and a client.csr
Signed it with my apache_server.key and apache_server.crt
Converted the client.key,crt to a pkcs12 file and imported this into my browser

but I can not make things work. SSL works fine on the server on pages that do not require SSL client auth.

As I stated earlier, it works when I create and self-sign a CA, but I can't make it work when I use a 3rd party CA and only have apache_server.key, apache_server.crt, thawte root cert.
Best regards
Wizkidnono

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                                [EMAIL PROTECTED]
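
The split Matt suggests (Thawte for the server certificate, your own CA for client certificates), as an added example mod_ssl configuration that is not part of the original thread. The host name, directory paths, the file names thawte_chain.crt and selfsigned_ca.crt, and the /secure location are assumptions.

```apache
# Added example: all paths and names below are placeholders (assumptions).
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on

    # Server identity shown to browsers: the certificate Thawte issued for
    # apache_server.csr, the matching private key, and Thawte's chain.
    SSLCertificateFile      /etc/apache2/ssl/apache_server.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/apache_server.key
    # On Apache 2.4.8 and later this directive is deprecated; append the
    # chain certificates to the SSLCertificateFile file instead.
    SSLCertificateChainFile /etc/apache2/ssl/thawte_chain.crt

    # Client authentication trust anchor: only the self-signed CA that signs
    # the client certificates. Do not list the Thawte root here, or any
    # certificate chaining to Thawte would pass client verification.
    SSLCACertificateFile    /etc/apache2/ssl/selfsigned_ca.crt

    # Client certificates are signed directly by that CA, so depth 1 suffices.
    SSLVerifyDepth          1

    # Demand a client certificate only on the protected area; the rest of
    # the site stays reachable over plain server-authenticated SSL.
    <Location /secure>
        SSLVerifyClient require
    </Location>
</VirtualHost>
```

The two trust paths are independent: the browser validates apache_server.crt against its built-in Thawte root, while Apache validates the client certificate against selfsigned_ca.crt only.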