--- Richard Rojas <[EMAIL PROTECTED]> wrote:
> I'm a PHP newbie and I'm really having difficulty with
> client-server certificate validation using OpenSSL and
> PHP. If somehow you know of a tutorial, a website or
> sample PHP code that checks (expired, revoked) and
> validates client certificates, it would be of great help.

This is a pretty complicated task for a beginner. I assume that you are just new to PHP but are otherwise well-versed in public key cryptography and SSL? It is very difficult to find a great deal of information on client authentication, simply because 99% of SSL implementations are only concerned with authenticating the server.

My experience developing an application like this is unfortunately only in ColdFusion, but if memory serves correctly, I found the most useful information when searching through the Web server's documentation. In fact, I am sure that we experimented with allowing the Web server to handle the client authentication, basically only allowing access to clients who presented a digital certificate signed by a specific CA (ours).

So, my first suggestion would be to search through your Web server's documentation. We got this working in Apache I know, so if you're using that, I know the information is there.

Another recommendation would be to search the mod_ssl documentation. Ralf Engelschall is pretty well-known for providing very accurate and descriptive documentation, and I would be willing to bet that he has some specific examples involving client authentication. Even if you aren't using Apache, I bet this would be helpful.

O'Reilly has a book on OpenSSL that I've been thinking of getting myself: http://www.oreilly.com/catalog/openssl/. You might want to check that out in a bookstore or something.

Sorry I cannot be more helpful. Perhaps someone else will chime in with some better information. Please let us know what you find.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
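
The approach described in the reply above (the web server authenticates the client, the application re-checks the result) can be sketched as follows. This is an added example, not code from the thread: the function name `check_client_cert`, the CA name, the file paths and the sample environments are assumptions, and the mod_ssl directives in the header comment are those of current Apache 2.4.

```php
<?php
// Added example. Assumed mod_ssl setup for the protected location
// (file paths are placeholders). The CA file lists the only CA trusted for
// clients, the CRL makes revoked certificates fail the handshake, and
// StdEnvVars exports the SSL_CLIENT_* variables to PHP:
//   SSLCACertificateFile /path/to/our-ca.pem
//   SSLCARevocationFile  /path/to/our-ca.crl
//   SSLCARevocationCheck chain
//   SSLVerifyClient      require
//   SSLVerifyDepth       1
//   SSLOptions           +StdEnvVars

/**
 * Re-check what the web server reports about the client certificate.
 * Pass $_SERVER in production. Returns [bool $ok, string $detail].
 */
function check_client_cert(array $env, string $expectedIssuerCn, int $minDaysLeft = 0): array
{
    // mod_ssl sets this to NONE, SUCCESS, GENEROUS or FAILED:reason.
    $verify = $env['SSL_CLIENT_VERIFY'] ?? 'NONE';
    if ($verify !== 'SUCCESS') {
        return [false, "web server did not verify a client certificate ($verify)"];
    }
    // Defense in depth: confirm the issuer is the CA we expect.
    if (($env['SSL_CLIENT_I_DN_CN'] ?? '') !== $expectedIssuerCn) {
        return [false, 'certificate issued by an unexpected CA'];
    }
    // SSL_CLIENT_V_REMAIN is the number of days until the certificate expires.
    $remain = $env['SSL_CLIENT_V_REMAIN'] ?? null;
    if (!is_numeric($remain) || (int) $remain < $minDaysLeft) {
        return [false, 'certificate expired or validity unknown'];
    }
    return [true, $env['SSL_CLIENT_S_DN'] ?? ''];
}

// Constructed sample environments (not captured from a real server).
$samples = [
    'valid'    => ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_I_DN_CN' => 'Example Internal CA',
                   'SSL_CLIENT_V_REMAIN' => '120', 'SSL_CLIENT_S_DN' => 'CN=alice,O=Example'],
    'no cert'  => ['SSL_CLIENT_VERIFY' => 'NONE'],
    'other CA' => ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_I_DN_CN' => 'Some Other CA',
                   'SSL_CLIENT_V_REMAIN' => '300', 'SSL_CLIENT_S_DN' => 'CN=mallory'],
];
foreach ($samples as $name => $env) {
    [$ok, $detail] = check_client_cert($env, 'Example Internal CA');
    printf("%-9s %s  %s\n", $name, $ok ? 'ALLOW' : 'DENY ', $detail);
}
```

The function fails closed: a missing variable is treated the same as a failed check, so a location that is accidentally served without the directives above is denied rather than allowed.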