here is what i did to generate client sertificates. be aware of the
clientakey.pem and clienta.pem are two different files.
1. openssl req -new -out clienta.csr -keyout clientakey.pem
Enter the details for the certificate, i.e common name being the
client/employee, \
Joe Bloggs.
2. openssl x509 -req -in clienta.csr -out clienta.pem -CA
YOUR_SERVERS_CERTIFICATE \
-CAkey YOUR_SERVERS_PRIVATE_KEY -CAcreateserial -days 365 -outform PEM
3. openssl pkcs12 -export -in clienta.pem -out clienta.p12 -inkey
clientakey.pem \
-name Joe Bloggs
Distribute clienta.p12 (rename clienta.p12 to Joe_Bloggs.p12) to
client/employee.
Haldor.
On Thu, 4 Apr 2002 01:43:05 +0200 (MEST) [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Hello modssl users !
I managed to set up an ssl aware web server.
Although I searched the web and also the list
archive I haven't been able to create a client
certificate which is signed by my own CA for
client authentication.
Could someone describe the process of creating
such a certificate in detail ?
Thank you Owen for your answer but you misunderstood
my question.
And you Maik misunderstood my question, too.
I, of course, read the FAQ and all the other available docs
but they say nothing about creating client (!) certificates !
The process of creating a server certificate is sufficiently
documented in the FAQ and it was no problem for me to
create it.
My question is: How can I create client (!) certificates for
client authentication to the server and not
server certificates ?!
Anyone ?
--
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]