Sonu Kishore wrote: > I have successfully issued ca certificate, web server certificate and client > certificate. > how can i use the issued certificate for non-repudiation. > I want user "x" to access my web site with a certificate issued to him for > accessing the web site. > no one else should be able to access my site using other users web access > certificates. > > my web site is configured with apache & tomcat on linux 7.1 redhat > > please guide me ..it's urgent
You simply have to configure apache with Client Authentication:
SSLVerifyClient require
SSLVerifyDepth 10
Then simply use the ENV variables ( SSL_CLIENT_M_DN, but you'd better
check it in the mod_ssl docs ) within your scripts or use the config
of apache:
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
where you can specify a per directory access requirements.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
