On Sat, Sep 4, 2021 at 08:44 Rob wrote:
> Correct me if I'm wrong but I believe what you're looking for is basically
> in the FAQ:
> http://httpd.apache.org/docs/current/ssl/ssl_howto.html#intranet
>
Thanks, Ron. I agree think seems to have the right settings combination if
I back out the
Correct me if I'm wrong but I believe what you're looking for is
basically in the FAQ:
http://httpd.apache.org/docs/current/ssl/ssl_howto.html#intranet
That's a slightly more complex idea, however it looks to me like the
combination of settings is there to be played with.
-Rob
On Fri, Sep 3, 2021 at 16:21 Orendt, John
wrote:
> Hi Tom
>
...
>
These two techniques can be used separately or together.
>
When both password and client cert are used it could be called two factor
> authentication.
>
> Any of the above combinations are supported by httpd.
>
Thanks, John. But
Hi Tom
The TLS Client cert verifies that the client device has use of the private key
corresponding the client cert. When verified you have mutual authentication
between the client device and the server device.
User name / password authenticates that hopefully a human knows the
credentials.