Andy,

I've been struggling with client certs; my question is attached. Any help
appreciated.

My thoughts on your problem - have you tried removing the Verisign cert from
cacerts in jre/lib/security/cacerts? In my config there's a Verisign cert
there by default (keytool -list -v -keystore cacerts).

At least you're getting the ability to use a Verisign cert, I'm getting
nowhere!

Rgds, Mick
----- Original Message -----
From: "Andy Lawrence" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: 12 June 2000 22:57
Subject: Specifying a particular cert server for Orion/SSL


> Hi,
>
> When setting up SSL in Orion, how can I specify that the SSL portion of
> Orion should ONLY accept client certs that were issued from a particular
> host? IE, if I have a private CA that issues client certs for my
> application, how can I accept ONLY those, and not those from Verisign?
>
> TIA
>
>

------------------------------------------------------------------------------------
Help on the following appreciated:

Having done the following:

- configured Orion for SSL Client Authentication (as below)
- obtained certificate from Thawte
- checked that the CA root cert (corresponding to my cert) is in
jre\lib\security\cacerts

IE5 presents me with the choice of no certificates when accessing the secure
web site. NN5 shows my list of certs, but attempted access with the Thawte
cert fails. Any ideas? Solutions or "where to look" would help!

I had assumed that I should be able to add trusted CA certs somewhere so
that I could allow anyone with a cert from a trusted CA into the site. Is
this possible? If so, how?

Also, I don't fully understand the significance of
ssl-user-registration.jsp. Why would I want a user with a cert to register
(I trust him)? Have I missed something fundamental here?

Thanks, Mick

Here's the web-site config:

<web-site host="[ALL]" secure="true" display-name="Secure Orion WebSite"
    log-request-info="true">
  <default-web-app application="default" name="defaultWebApp" />
  <web-app application="mdp" name="mdp-web" root="/mdp" />
  <web-app application="news" name="news-web" root="/news" />
  <web-app application="atm" name="atm-web" root="/atm" />
  <ssl-config keystore="keystore" keystore-password="123456"
      needs-client-auth="true" />
  <access-log format="$ip - $user - [$time] '$request' $status $size"
      path="../log/secure-web-access.log" />
</web-site>
