Hello Matthias,

Thank you for your response.

> Hello,
>
> sounds for me a little bit complicated. Isn't it enough to protect the
> server for example with .htaccess and each person will get its own
> username / password.

The thing is that I am going to restrict the access on some public interface pages, for example: there is a page for requesting a certificate for hosts. The pre-condition for requesting such a certificate is that the person accessing the page MUST have a valid certificate from my Certification Authority (CA), with OU=SA (site administrator) in the certificate subject DN, imported into his browser. I would like to inspect the DN of the client's certificate and, if it matches the criteria I need, provide him with the request form, otherwise show him an error message (page) describing the reason for denying the access to the form (invalid certificate, absence of imported certificate, etc.).

I cannot contact each site administrator to tell him the username and the password.

> Moreover normally the certificate request is to be checked at the ra
> site thus you could only prevent someone from bringing in a lot of
> senseless requests but the authentication of the person is not
> recognized to the certificate request.
>
> Perhaps it helps you to have a look at the OpenCA Guide:
>
> https://www.openca.org/projects/openca/openca-guide.pdf
>
> Chapter 1.2.3 on page 47

This chapter tells about accessing the interface with X.509 certificates by the manager (CA operator, RA operator, etc.), not the user (client, requester), doesn't it?

Best regards,
Arsen.
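
The check described in the message above, as an added example that is not part of the original post or of OpenCA's code: a gate that returns either permission to show the request form or the reason to put on the error page. It assumes the page sits behind Apache mod_ssl with `SSLVerifyClient optional` and `SSLOptions +StdEnvVars`, trusting only the CA in question; the function names and sample DNs are constructed for illustration.

```python
REQUIRED_OU = "SA"  # site administrator OU named in the message above

def parse_dn(dn):
    """Split a subject DN into (ATTR, value) pairs.

    Accepts the OpenSSL one-line form (/O=x/OU=SA/CN=y) and the
    comma-separated form (CN=y,OU=SA,O=x). A backslash escapes the next
    character, so "CN=a\\,OU=SA" stays one CN value. DNs containing a
    double quote are rejected, and multi-valued RDNs ("+") are not split,
    so neither can match. In the one-line form this parser cannot tell a
    '/' inside a value from a separator; prefer the comma form.
    """
    if '"' in dn:
        return []                     # fail closed on quoted-string syntax
    sep = "/" if dn.startswith("/") else ","
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i + 1]          # escaped character, taken literally
            i += 2
            continue
        if dn[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    return [(a.strip().upper(), v.strip())
            for a, v in (p.split("=", 1) for p in parts if "=" in p)]

def check_client(env):
    """Return (allowed, reason) from the mod_ssl variables in env."""
    verify = env.get("SSL_CLIENT_VERIFY", "NONE")
    if verify == "NONE":
        return False, "no client certificate presented"
    if verify != "SUCCESS":           # FAILED:<reason> or GENEROUS
        return False, "invalid certificate (%s)" % verify
    ous = [v for a, v in parse_dn(env.get("SSL_CLIENT_S_DN", "")) if a == "OU"]
    if REQUIRED_OU not in ous:        # exact value match, never a substring test
        return False, "certificate subject lacks OU=%s" % REQUIRED_OU
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample input, not taken from a real certificate.
    sample = {"SSL_CLIENT_VERIFY": "SUCCESS",
              "SSL_CLIENT_S_DN": "/O=Example CA/OU=SA/CN=Site Admin"}
    print(check_client(sample))
```

Matching on the parsed OU value rather than searching the DN string for "OU=SA" keeps a subject such as OU=SALES, or a CN that merely contains the text, from passing the gate.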
