>
> We (CAcert.org) operate a website on Apache that uses certificates from
> ourselves, but only accepts certificates for authentication purposes
> from a different CA.
>
> As long as the certificate for the website is trusted in the browser and
> you don't need to chain, the following simple example is how we did it.
>
> http://www.cacert.org/help.php?id=9

It's the way (I cannot understand why it does not work):

I use GnuTLS to make certificates.
        The server has the certificates (ca-bundle.crt) of my OWN CA and
        the GOVERNMENTAL CA; the www server has a certificate signed by MY OWN CA.
        Firefox has the CRTs of my OWN CA and the GOVERNMENTAL CA imported, and
        the client certificate is GOVERNMENTAL.

With the data of the GOVERNMENTAL CA client certificate I should be able to verify
the user and extract data to make a MY OWN CA client certificate.

But it seems that Mozilla does not send the client certificate (it does not ask).
The server says this (apache + mod_gnutls (experimental)):
>  GnuTLS: Attempting to rehandshake with peer. 0 2
>  GnuTLS: Handshake Failed (-49) 'The peer did not send any certificate.'

Can anyone verify for me that Mozilla does not send the certificate? (I need to know where the problem is.)

I think that Mozilla should ask which client CRT to send to the server.
If the problem is not in Mozilla, it could be a mod_gnutls problem or a GnuTLS problem.

Thanks in advance,
Fco. J.


