Good Afternoon Everybody,
I am not sure if it is the right forum to ask this question. If not
please guide me.
mod_ssl provides fabulous mechanism of doing client authentication. It
does so by issuing client certificates signed by your own CA
certificate ca.crt.
How we can use mod_ssl
ng from non-client cert to client cert areas.
Regards
Matt
- Original Message
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Thursday, September 25, 2008 9:37:00 AM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
l for the server cert.
Regards
Matt
- Original Message
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Tuesday, September 23, 2008 1:39:16 PM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Ok. This seems lik
AIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Tuesday, September 23, 2008 1:39:16 PM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Ok. This seems like a viable solution.
Ie.
I use an approved CA signed cert to verify the site auhtentisity, and i use a
self
: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can n
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
Bu
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a "third"
party where one does not have access to their root ca key ?.
Ie.
I
Øyvin Sømme wrote:
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.
Am Montag, 13. Juni 2005 09:49 schrieb Charles-Edouard Ruault:
> Well to prevent access in http you should place a deny directive in the
> http related part of your config file.
>
> deny from all
>
>
I think this will be the only solution. However the documentation says:
This directive forb
Harry Knitter wrote:
>Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
>
>
>>I´m trying to setup a system where the client authentication for a special
>>directory should be done via client certificates. I have set up a CA (using
>>OpenSSL) and the according ce
Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
> I´m trying to setup a system where the client authentication for a special
> directory should be done via client certificates. I have set up a CA (using
> OpenSSL) and the according certificate and key files for the CA the server
I´m trying to setup a system where the client authentication for a special
directory should be done via client certificates. I have set up a CA (using
OpenSSL) and the according certificate and key files for the CA the server
and a client.
The client browser (Mozilla Firefox) has all
On Fri, Jun 03, 2005 at 08:56:56AM +0200, Øyvin Sømme wrote:
> Method 2 (SSLRequire):
>
> The user-id field is just '-'.
>
> Can I somehow configure apache/mod_ssl to only store certain elements of
> the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.0 supports
Hi.
I have read the instructions at:
http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9
and successfully set up a web server which runs HTTPS and requires
client certificates for authentication.
However, I am not 100% pleased with neither of the *two* methods. What I
dislike is the *user-id*
On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.a
On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.o
On Sat, 25 Dec 2004, Adolfo Bello wrote:
> I heartily agree.
> Unfortunately, I've been waiting for more than a year for this problem
> to be fixed in Apache 2.0.x :-(
> This bug was opened on 2002-09-06
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
Usually the trick to getting someth
On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > It just doesn't work in Apache 2.0.x.
> > Use Apache 1.3.x.
>
> That doesn't sound like very good advice... if something is broken in
> Apache 2.0.x, we should just fix it. :-/
>
> --Cliff
On Sat, 25 Dec 2004, Adolfo Bello wrote:
> It just doesn't work in Apache 2.0.x.
> Use Apache 1.3.x.
That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/
--Cliff
__
Apac
On Sat, 2004-12-25 at 15:37 -0500, David T. Ashley wrote:
> Hi,
>
> I installed Bugzilla, and the directory it is in has the
>
> VerifyClient require
>
> and all the Apache directives set in the httpd.conf file. It works fine
> (the browsers makes me choose a client certificate) but when I subm
Hi,
I installed Bugzilla, and the directory it is in has the
VerifyClient require
and all the Apache directives set in the httpd.conf file. It works fine
(the browsers makes me choose a client certificate) but when I submit a form
into Bugzilla I get an error to the effect that POST is not allo
I am away until the 14th April 2004
I will get back to you as soon as i can when I return.
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online
then please contact one of the other members of the OLSU team who will try to help.
to access private key stored on smart card.
If I set Apache to not require client authentication then I am
able to reuse a SSL session ID when connecting via HTTPS. I ran the
following test with openssl:
openssl s_client -connect localhost:443 -state -reconnect
The results basically inform
I want to setup two webservers with different domains,lets say www.domain1.comand www.domain2.comI want to host these webservers on a single apacheserver using vhosts, but ... There are twodifferent known clients accessing these webservers:client1 and client2.Now I want to issue an cer
I want to setup two webservers with different domains,
lets say www.domain1.com
and www.domain2.com
I want to host these webservers on a single apache
server using vhosts, but ... There are two
different known clients accessing these webservers:
client1 and client2.
Now I want to issu
Guys, just to ley you know that I have solved the problem.
The CA cert I was using was bad (wrong extensions set). That is why
Apache/mod_ssl was saying that it was an invalid CA cert. Using a different
CA solved my problem and I can use client certs to log on fine now !
Many thanks for your he
Many thanks to those of you who have helped me on this.
Unfortunately I still have the problem. I have also duplicated the problem on
a completely different environment, so I think it is either me, or the
certificates I am using !
I have taken all of you advice and set up the web server like th
Le 24 Oct, Chris Covell a ecrit :
> Hello there Martial,
>
> many thanks for you quick reply.
>
>> We also have: root CA -> sub CA -> client or server cert
>>
>> we have put the root and sub CA in a directory pointed by:
>> SSLCACertificatePath
>>
>
> In seperate files ?
Yes each Ca is i
I have this setup, this should work...
SSLCertificateFile
/opt/DKBapache/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/opt/DKBapache/conf/ssl.key/server.key
SSLCACertificateFile
/opt/DKBapache/conf/ssl.crt/CA.crt
SSLVerifyClient require
SSLVerifyDepth 2
The CA.crt file contains the Root and int
here, can any of you guys help me with this problem please ?
I have been using mod_ssl and client authentication via apache for
some time
now without any problems. My Apache configuration has been the usual:
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile
Hello there Martial,
many thanks for you quick reply.
> We also have: root CA -> sub CA -> client or server cert
>
> we have put the root and sub CA in a directory pointed by:
> SSLCACertificatePath
>
In seperate files ?
> In this directory we have the attatched Makefile that we run to
We also have: root CA -> sub CA -> client or server cert
we have put the root and sub CA in a directory pointed by:
SSLCACertificatePath
In this directory we have the attatched Makefile that we run to make a
hash of all CA and link the result of the hash to eatch CA.
This work fine
Hello there, can any of you guys help me with this problem please ?
I have been using mod_ssl and client authentication via apache for some time
now without any problems. My Apache configuration has been the usual:
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
:[EMAIL PROTECTED]
Kopie:
Thema: Re: Problem with Reverse Proxy and Client
hi steffen
>ProxyPass /myapp https://backendserver/app
>ProxyPassReverse /myapp/ https://backendserver/app/
any specific reason for the missing trailing slashes in the ProxyPass
directive, or is this only a typo?
regards
michael
__
Hello,
we want to setup a reverse proxy (http in, https to the backend IBM HTTP
Server) with client authentication to the backend.
On Linux and WinNT 4 SP5 (with Apache 2.044 and OpenSSL 0.97) we are both
getting segmentation faults or exits (see below). We checked the
communication through
I realised that I included irrelevant log snipet from the SSL log. Please
see the correction below.
Aaron Stromas said:
> Hi,
>
> I apologise for cross-posting - I'm really not sure which component is
> at fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list
> (or some other venue)
Hi,
I apologise for cross-posting - I'm really not sure which component is at
fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list (or some
other venue) dedicated to mod_jk?
My environment is Apache 1.3.22, mod_ssl 2.8.5, OpenSSL 0.9.6b, tomcat 4.0.3.
I have a servlet mounted like
path_to]/cacert.pem
SSLVerifyClient require
SSLVerifyDepth 1
* Because the client authentication fails, server closes the connection,
which at the client side results in: Exception while waiting for close
java.net.SocketException: Cannot send after socket shutdown: JVM_recv in
We have problem with client authentication from some client.
On server side we use Apache 1.3.24 with mod_ssl 2.8.8.
All client use MS IE 5 or higher and MS Windows 98-2000.
>From some client is client authentication without problems, but from some
not.
I think, certificate on client is instal
the path for SSLCACertificateFile was wrong.
know its working
> -Ursprüngliche Nachricht-
> Von: Jochen Vogel [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 6. Juni 2002 13:14
> An: '[EMAIL PROTECTED]'
> Betreff: Client Authentication Problem
>
>
hi,
i created a CA and a ClientKey witch i imported in my Client.
in httpd.conf i configured
Alias /test/ "/opt/www/test/"
Options Indexes
Order allow,deny
Allow from 192.168.0.142
SSLVerifyClient require
SSLVerifyDepth 1
./logs/ssl_engine_log <
Hi,
i´m trying to use Client Authentication with
certificates... so I´m using
apache_1.3.22
mod_ssl_2.8.5-1.3.22
openssl-0.9.6c
and the apache configurations is like
this
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/www-data/443.psmi.com.br ServerName
443.psmi.com.br
th this code care to comment?
Rick Barry
Compaq Computer Corporation Compaq Secure Web Server Project Team
110 Spit Brook Road OpenVMS System Software Group
Nashua, NH 03062 Business Critical Server Group
(603) 884-0634
-Original Message-
From: Barry, Richard
Sent: We
Nashua, NH 03062 Business Critical Server Group
(603) 884-0634
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 6:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [BugDB] Client Authentication BUG with FakeBasicAuth (PR
Full_Name: Sergio Rabellino
Version: 2.8.8
OS: Solaris 7
Submission from: (NULL) (130.192.239.73)
The "if" in ssl_engine_kernel.c at line 1130 to check against DN/password
authorization
directly form a client, break also the internal redirect done by apache under
some conditions, as the director
matic listing from a
> directory under Client Authentication with FakeBasicAuth enabled.
> We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 /
> OpenSSL 0.9.6), now we would to upgrade our apache engine for the
> bugfixes, but even with the 1.2.23/2.8.7 or the 1.3.24/2.8.8 r
Sorry for my repost,
but we continue to get an error if requesting an automatic listing from a directory
under Client Authentication with FakeBasicAuth enabled.
We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 / OpenSSL
0.9.6), now we would to upgrade our apache engine
Hi
Is there a possibility in mod_ssl to define an Error Page for the case
when a required Client Autentication fails? I haven't come across anything
appropriate in the documentation, however I thought there really should be
something like this.
Bye
Tim
___
Hello.
I have successfuly done Client Authentication using client certificates with
apache-openssl-modssl.
SSLVerifyClient none
SSLVerifyClient require
SSLVerifyDepth 5
#SSLCACertificateFile conf/ssl.crt/ca.crt
#SSLCACertificatePath conf/ssl.crt
SSLOptions
r client authentication access control to their directory.Is there any bug with previous versions of mod_ssl which would make client authentication fails?
Not in any of the recent versions ... but since you seem to be wanting.htaccess (I missed the beginning of this question) - have you made
Hi,
> ..htaccess (I missed the beginning of this question) - have you made sure
> that AllowOverride allows the usage of .htaccess within those directories?
Yes I do have something like this on my httpd.conf file:
AllowOverride Options AuthConfig Limit
Options Includes ExecCGI
Will mo
On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote:
> Hi,
>
> > Try to put all these directives in httpd.conf file and
> > also try to put the SSLRequire directive as follows
>
> But I want each user to set their client authentication access control to their
&
Hi,
> Try to put all these directives in httpd.conf file and
> also try to put the SSLRequire directive as follows
But I want each user to set their client authentication access control to their
directory.
Is there any bug with previous versions of mod_ssl which would make
Try to put all these directives in httpd.conf file and
also try to put the SSLRequire directive as follows
SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6"
-- Shiva
--- Angus Lee <[EMAIL PROTECTED]> wrote:
> Hi, list,
>
> I used .htaccess to add client authentication
Hi, list,
I used .htaccess to add client authentication to access a particular directory.
However it seems that .htaccess is not processed occassionally when http request is
made to an object in that directory. Anything wrong with my configuration?
SSLRequireSSL
SSLVerifyClient require
Dear all:
I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the
server cert and key,and the apache with openssl can works well.
but when I want to configure the client authentication,it can not start.
my configure looks like:
SSLMutex sem
SSLRandomSeed
Dear all:
I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the
server cert and key,and the apache with openssl can works well.
but when I want to configure the client authentication,it can not start.
my configure looks like:
SSLMutex sem
SSLRandomSeed
On Tue, Oct 23, 2001 at 07:44:35AM -0300, Marcelo Maraboli wrote:
> Hello.
>
> Has anyone successfuly done Client Authentication using client
> certificates with apache-openssl-modssl ? (server has self signed
> certificate and Client has a GlobalSign Certificate)
>
work
Hello.
Has anyone successfuly done Client Authentication using client
certificates with apache-openssl-modssl ? (server has self signed
certificate and Client has a GlobalSign Certificate)
or knows about a good tutorial?
thanks...
--
Marcelo Maraboli Rosselott
Ingeniero Civil
Hi,
> Easy way to check - make a normal HTTP virtualhost with the same
> content/functionality and see if you get the same problem.
I guess the hang-up is due to DBD::mysql. I found that the CPU usage drmatically
increased to 80% when accessing the mySQL database using DBD::mysql Perl module.
Angus Lee wrote:
>
> I'm not sure if SSL client authentication used up all my system resources and CPU
>processing power or my poor Perl programming technique leads to the fault. Can
>someone help? Thank you.
>
Easy way to check - make a normal HTTP virtualhost w
Hi,
I've written a Perl script which must be invoked through the web browser by using SSL
client authentication mode. On the server which this Perl script runs, it also runs a
mySQL database server. This server runs Windows 2000 Server.
My Perl script will first do some checking by que
On Sun, Sep 16, 2001 at 10:16:12PM +0800, joan wang wrote:
> I haved try many method, but can't solve my problem.
> I configure my apache in client authentication. After client choosing user
>login(user can choose viewer), the connection is disconnect(authentication failed).
I haved try many method, but can't solve my
problem.
I configure my apache in client
authentication. After client choosing user login(user can choose viewer),
the connection is disconnect(authentication failed). But if client choose the
user cert issued by apache(not third party CA)
--- Angus Lee <[EMAIL PROTECTED]> schrieb:
> Hi,
>
> I've installed OpenSA 1.0b3 on Windows 2000 Server. Everything in
> http://localhost/cgi-bin/private need client authentication to access. When I use
>the POST
> method to post some form data to a CGI program
>
Hi,
I've installed OpenSA 1.0b3 on Windows 2000 Server. Everything in
http://localhost/cgi-bin/private need client authentication to access. When I use the
POST method to post some form data to a CGI program
http://localhost/cgi-bin/private/examine.pl I got the following error:
--
On 9 Jul 2001, at 9:35, Dan Langille wrote:
> I've just finished writing a how-to for setting up client authentication
> using self-signed certficates. It includes details of creating the
> certificate authority, signing the certificate, web server configuration, and
&g
I voluteer as well, if it is not too late.
---
G & S Sistemas de Informacion, S.L. | Teléfono: 9 02 01 44 43
Victoriano Giralt| Land line: +34-952-207-241
Chief Consultant and Owner | Mobile:
On 10 Jul 2001, at 15:47, Owen Boyle wrote:
> Er to be precise, the majordomo program *adds* a "Reply-To" field to
> the header. This takes precedence over the "From" field when you click
> "reply".
That, in my experience, it not the default behaviour of majordomo. You
have to do something
Dan Langille wrote:
> My apologies. I sent a message to the list when it should have gone
> privately.[1]
No problem - easy mistake to make.
> [1] - Unfortunately, the list mangles the reply-to address and sets it to
> the list, not the person who sent the email.
Er to be precise, the ma
x / Geneva Switzerland
> >
> > Tel: +41 22 727 05 55
> > Fax: +41 22 727 05 50
> > Mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> > "Dan Langille" <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED]
> > 09.07.2001 15:35
> &g
Sent by: [EMAIL PROTECTED]
> 09.07.2001 15:35
> Please respond to modssl-users
>
> =20
> To: [EMAIL PROTECTED]
> cc:=20
> Subject:Client authentication - reviewers wanted
>
>
> I've just finished writing a how-to for setting up client a
Tel: +41 22 727 05 55
Fax: +41 22 727 05 50
Mail: [EMAIL PROTECTED]
"Dan Langille" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09.07.2001 15:35
Please respond to modssl-users
To: [EMAIL PROTECTED]
cc:
Subject: Client
Hello,
Pls give me your document
Regards,
Thanh Binh
Dan Langille wrote:
> I've just finished writing a how-to for setting up client authentication
> using self-signed certficates. It includes details of creating the
> certificate authority, signing the certificate, web server
I've just finished writing a how-to for setting up client authentication
using self-signed certficates. It includes details of creating the
certificate authority, signing the certificate, web server configuration, and
installing the certificate in a browser. In this instance, I
Hatop Goetz <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07.06.2001 21:25
Please respond to modssl-users
To: [EMAIL PROTECTED]
cc:
Subject: Client Authentication
Hi,
I have managed to get client authentification working on
Hi,
I have managed to get client authentification working on a directory
basis. That is, apache ask for client certificate when I try to
access a file in that directory, I am telling netscape to send
my cclient cert and I do get the page requested.
Thats fine so far, but when I try to get anoth
Full_Name: R.Chu
Version: mod_ssl-2.7.1-1.3.14
OS: Redhat Linux 7.0
Submission from: (NULL) (61.187.56.10)
I have installed mod_ssl-2.7.1-1.3.14 with apache_1.3.14 and
openssl-0.9.6a successfully. Now I want to get client authentication,
I modified the httpd.conf as this:
SSLVerifyClient
I'm going to do one repost in hopes that I get an answer to this. This
really has me stumped.
Hello, I've read the faq and the docs, I've scoured the mailing list, and I
can not find the answer to this. I'm trying to setup client cert
authentication. I have a Verisign signed personal cert on m
Hello, I've read the faq and the docs, I've scoured the mailing list, and I
can not find the answer to this. I'm trying to setup client cert
authentication. I have a Verisign signed personal cert on my browser, and
for now, a self signed cert on the server.
When I try to connect to the site, it
Hello,
I couldn't find any explicit answer on this issue yet. We were trying to
configure an
Apache 1.3.12 + mod_ssl 2.6.6 (+ OpenSSL 0.9.6) to work
as a mirroring proxy. The requirement against the proxy was
that it has to fulfill client authentication requests from the
peers when communic
>Dave,
>OK I am new to SSL and Apache, modlssl.
>So, i can start with the client auth, using a browser first.
>Can you please explain how you sign the client with your own ca cert?
>Basically what are the steps that you need to do, to be a CA?
>I find on the modssl guide, to use sign.sh but i am
, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: client authentication
At 01:19 PM 04/25/2001 , you wrote:
>Hi,
>i am developing an application, where the server needs to authenticate the
>client. On the client side i am using JSSE. On the server side i am using
>Apache with openssl.
&
At 01:19 PM 04/25/2001 , you wrote:
>Hi,
>i am developing an application, where the server needs to authenticate the
>client. On the client side i am using JSSE. On the server side i am using
>Apache with openssl.
>
>Can anyone tell me the step by step procedure, about
>1. How to make the server r
Hi,
i am developing an application, where the server needs to authenticate the
client. On the client side i am using JSSE. On the server side i am using
Apache with openssl.
Can anyone tell me the step by step procedure, about
1. How to make the server request the client, to send its certifica
I have a problem with modssl and client authentication. The I parse a
PHP script to get my page the client authenticaton is "forgotten", so
then I press a link I have to do a new client authentication. Because we
are using a smartcard as token for the client autentication this is
anoy
Dear list,
i'm in trouble with MSIE 5.5 (128bit EncPack) and modssl2.7.1/Apache
1.3.14.
If I set "SSLVerifyClient require" in my conf file, I can't get any page
from my server.
Pls. note that the browser correctly tell me that the site want a
certificate to authenticate access, I select it from
How do I make a root CA known to apache but not valid for client authentication?
(apache1.3.17,modssl2.8,openssl0.9.6)
I've got a three tier cert hierarchy like:
root ca --signs--> project ca --signs--> server/client certs
The problem is that unless I place the
ent: Tuesday, February 20, 2001 9:42 AM
To: [EMAIL PROTECTED]
Subject: 3tier certificate + client authentication doesn't seem to work.
(newest apache/modperl/openssl)
How do I make the root CA known to apache but not valid for client
authentication? (only the sub root CA that signed the se
How do I make the root CA known to apache but not valid for client
authentication? (only the sub root CA that signed the server/client should be
valid. (apache1.3.17,modssl2.8,openssl0.9.6)
I've got a three tier cert hierarchy like:
root ca --signs--> project ca --signs--> server/c
On Wed, Feb 07, 2001 at 03:35:03PM +0100, Reich, Stefan wrote:
> Ok, so on my site it's the same behaviour.
>
> I am using
>
> SSLSessionCache dbm:/myapache/logs/ssl_scache
> SSLSessionCacheTimeout 300
>
Try shm instead of dbm - IIRC there has been a couple of cases where that
fix
f: Re: question on client authentication using certificates
On Wed, Feb 07, 2001 at 02:01:27PM +0100, Reich, Stefan wrote:
> This seems to be indeed a session problem. But it's Netscape specific.
> If I look in the log, IE is reusing a session and I can see counters like
> request 1
On Wed, Feb 07, 2001 at 02:01:27PM +0100, Reich, Stefan wrote:
> This seems to be indeed a session problem. But it's Netscape specific.
> If I look in the log, IE is reusing a session and I can see counters like
> request 1 request 2 request 3 and so on.
> With Netscape these subsequent requests a
not asked for the certificate
again.
Is someone out there, who successfully uses certificate based client
authentication with Netscape without this effect?
-Ursprüngliche Nachricht-
Von: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Gesendet: Mittwoch, 7. Februar 2001 11:14
An: [EMAIL PROTECTE
On Wed, Feb 07, 2001 at 09:34:29AM +0100, Reich, Stefan wrote:
> Hi,
>
> I had the Netscape Problem too. I didn't get an answer up to now.
> The only way to get around this I found up to now is to configure to send
> the certificate automatically, instead of asking.
>
> If you find a better solu
richt-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 6. Februar 2001 23:50
An: [EMAIL PROTECTED]
Betreff: question on client authentication using certificates
Howdy,
I am having a problem with modssl certificate based client authentication
that
will undoubtedly have a s
Howdy,
I am having a problem with modssl certificate based client authentication that
will undoubtedly have a simple answer.
Currently, I have a CA certificate that I use to sign all my client
certificates. On the apache+modssl server I want to use certificate based
authentication. The
Hi...
> to sign your own certificate, you cannot use a plain server certificate. You
> need a CA certificate, a certificate, which allows you to sign other
> certificates. There are many different types of certificates, each serves
> one ore more special purposes. A server certificate can only be
1 - 100 of 163 matches
Mail list logo