I have successfully generated SSL client certificates for my Apache web site users, and we have successfully tested them by using them to access my restricted areas on my web site.

One thing I'm not sure of is why there is a private/public key pair in the client certs. Hopefully it's not the same private key used to generate the CSR, or is it? In any event, why is it needed? All I am using the certs for is to allow access to my site which is done by (as I understand it) Apache checking that (1) the client cert hasn't been revoked and (2) it has been signed by me as the CA.

BTW, I currently have not put any restrictions in the client certs. Would that make a difference? I will test that while I await any responses.

Thanks for any help.

Best regards,
-Tom

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org