--- Richard Rojas <[EMAIL PROTECTED]> wrote: > I'm a PHP newbie and Im really having difficulty with > client-server certificate validation using Openssl and > PHP. If somehow you know of a tutorial, a website or > sample PHP codes that checks (expired, revoked) and > validates client certificates, it would be of great help.
This is a pretty complicated task for a beginner. I assume that you are just new to PHP but are otherwise well-versed in public key cryptography and SSL? It is very difficult to find a great deal of information on client authentication, simply because 99% of SSL implementations are only concerned with authenticating the server. My experience developing an application like this is unfortunately only in ColdFusion, but if memory serves correctly, I found the most useful information when searching through the Web server's documentation. In fact, I am sure that we experimented with allowing the Web server to handle the client authentication, basically only allowing access to clients who presented a digital certificate signed by a specific CA (ours). So, my first suggestion would be to search through your Web server's documentation. We got this working in Apache I know, so if you're using that, I know the information is there. Another recommendation would be to search the mod_ssl documentation. Ralph Engelschall is pretty well-known for providing very accurate and descriptive documentation, and I would be willing to bet that he has some specific examples involving client authentication. Even if you aren't using Apache, I bet this would be helpful. O'Reilly has a book on OpenSSL that I've been thinking of getting myself: http://www.oreilly.com/catalog/openssl/. You might want to check that out in a bookstore or something. Sorry I cannot be more helpful. Perhaps someone else will chime in with some better information. Please let us know what you find. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
