Here is a document written by Lenya Khachaturov that has helped me to install the certificates created for the MSIE or Netscape client : > -----Message d'origine----- > De: Martin Kraemer [SMTP:[EMAIL PROTECTED]] > Date: mercredi 21 juin 2000 12:59 > �: Petr Zeman > Cc: [EMAIL PROTECTED] > Objet: Re: Apache+SSL > > On Wed, Jun 21, 2000 at 11:21:03AM +0200, Petr Zeman wrote: > > Hallo! > > Can you help me with my new problem with APACHE? > > I would like to install SSL into my APACHE. > > I downloaded source of APACHE 1.3.12, mod_ssl-2.6.4.-1.3.12, > openssl-0.9.5a, > > complied it and install it (as is written in mod_ssl documentation). > > I created certificates by 'make certificate TYPE=custom' and install > them. > > When I set SSLVerifyClient directive to 'none', all is O.K. - my > connection > > switches into protected mode. But when I set directive to 'require' > to > > verify > > client, I can't connect to server. Can you advice me, what I have to > do? > > How to create client certificate, how to set up SSL directives, > etc.? > > I tried use Microsoft Certificate Server from WinNt Opt. Pack, > > but all my attempts with it failed. > > I have IE 5.00.2314.1003, WinNT 4.00.1381. > > That is a question for the modssl-users support mailing list, > (not for me personally), see > > http://www.modssl.org/support/ > > for information on how to subscribe to the mailing list. > > However, my assumption is that you don't actually *HAVE* a personal > client > certificate in your browser. You can get one from commercial > certificate > authoriries like www.thawte.com, www.verisign.com, or for instance > http://www.tc-trustcenter.de/english/certificates/we_offer.htm > > Without a client certificate, the browser cannot respond with a > certificate when the server asks for it, therefore no connection can > be > made. > > Martin > -- > <[EMAIL PROTECTED]> | Fujitsu Siemens > Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730 Munich, Germany > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED]
Hello Mike, Here's a step-by-step you want. It's written for Apache, but you can use it as well. Saturday, April 29, 2000, 8:30:33 AM, you wrote: MF> I've just installed OpenSSL 0.94.3 on a Linux box with hopes of eventually MF> setting up a secure POP3/IMAP server (perhaps using stunnel). MF> Unfortunately, I am not sure where to start with respect to running my own MF> test CA, and generating the required certificates for stunnel and then for MF> client machines (running MS IE and/or Netscape). I've seen the various docs MF> and links from www.openssl.org, but nothing that is a step-by-step "getting MF> started" guide. MF> Any assistance is greatly appreciated. If time permits, I'm quite willing MF> to write such a document providing I get myself up and running with some MF> understanding of the process. MF> Thanks, MF> Mike. MF> --- MF> "Trying is the first step towards failure." MF> - Homer Simpson MF> ______________________________________________________________________ MF> OpenSSL Project http://www.openssl.org MF> User Support Mailing List [EMAIL PROTECTED] MF> Automated List Manager [EMAIL PROTECTED] -- Best regards, Lenya mailto:[EMAIL PROTECTED]
Client-server authentication in Apache Web Server with OpenSSL.doc
