Re: Fwd: How to allow only certain Certificates
Am Freitag, 14. Oktober 2005 13:38 schrieb Cliff Woolley: Helps if I send this from the address that is actually subscribed to the list... resending -- Forwarded message -- From: Cliff Woolley Date: Oct 12, 2005 7:41 AM Subject: Re: How to allow only certain Certificates To: modssl-users@modssl.org On 10/12/05, Dr. Harry Knitter [EMAIL PROTECTED] wrote: how can I restrict access to my Apache to owners of certain individual certificates? Sounds like a good case for FakeBasicAuth combined with Require User. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#ssloptions Hope this helps, Cliff Thanks, however, I´d prefer something like the Unique Subject Identifyer or perhaps the Fingerprints. DNs can be faked easy. Harry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
How to allow only certain Certificates
Hello,
how can I restrict access to my Apache to owners of certain individual
certificates?
I have tried the following (it doesn´t work, however):
SSLREQUIRE %{SSL_CLIENT_S_DN_UID} in {Subject Key Identifyer1,Subject
Key Identifyer2,...}
where Subject Key Identifyer is the X509 extension Subject Key Identifyer of
the client´s certificate.
I tried it with colons and without.
The expression always results in false.
What is the corresponding value for SSL_CLIENT_S_DN_UID in a certificate?
Thanks
Harry
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Environment variables question
Hello, I have a question about the meaning of some environment variables for mod_ssl. What do the fields T, I, G, S, and D in subject or issuer DNs mean, respectively, to which fields of a certificate do they point? Thanks Harry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Environment variables question
Am Dienstag 11 Oktober 2005 13:09 schrieb BJ Swope: Post your certificate and I'd be glad to take a look. BJ for what do you need my certificate to answer this question? I simply would like to know what is the meaning of the following variables Examples: SSL_CLIENT_S_DN_T SSL_CLIENT_S_DN_I SSL_CLIENT_S_DN_G SSL_CLIENT_S_DN_D Harry On 10/11/05, Dr. Harry Knitter [EMAIL PROTECTED] wrote: Hello, I have a question about the meaning of some environment variables for mod_ssl. What do the fields T, I, G, S, and D in subject or issuer DNs mean, respectively, to which fields of a certificate do they point? Thanks Harry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.orghttp://www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Environment variables question
Am Dienstag 11 Oktober 2005 13:43 schrieb Cliff Woolley: I simply would like to know what is the meaning of the following variables Examples: SSL_CLIENT_S_DN_T SSL_CLIENT_S_DN_I There's a nice table of these at http://www.covalent.net/resource/documentation/ers/2.0.0/productguide/html/ proxymodule.html . I had to dig pretty good to find that, though. I've never seen them before. :) --Cliff Thank you very much, this was what I was searching for. Greetings Harry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
