... I tend to do things that are usually new to me, and frequently innately irritating (but so cool!). But hey, that's what being a nerd is all about, isn't it?
I have my own personal server set up at my house (been doing a lot of work hardening it after those Romanian kids gave me a scare..) - noobitron.com. I've turned into a security nut, and have for the past couple months been going crazy trying to absorb as much as I can, with my most recent project being certificate-based authentication using Apache2 and mod_ssl. Now, I'm not just some kid shooting blind here - I like to think that I've got a pretty good grasp on Linux and the Apache config files, but I cannot for the life of me get this to work.

Config Excerpts:
http://pastebin.com/tg7zTpWe
http://pastebin.com/KNCiUeG6

OpenSSL Diagnostic Info:
http://pastebin.com/asTvVJQe

Side Note: Using: http://pastebin.com/MCRVjzsc I now get: http://pastebin.com/Dbdg2QBg -> CA Failure Alert - No trust from the CA, but it's the same CA/set of certs that I'm using to secure my server (StartCom, free class1 certs)

Problem: Going to my /sekrit folder (www.noobitron.com/sekrit) gives me a handshake failure alert, regardless of whether or not I have my certificate installed in my browser.

So I have a couple questions that may or may not shed some light on my issues, but I'm also hoping that you troll gurus can lend a hand :P

Do the (and I lack the vocabulary here..) Code Values (eg: C = IL, O = StartCom Ltd.) need to be the same when I create the certificate for the browser (prior to signing it)?

Do I need a special key/cert file that I currently do not have to be able to sign my browser certificates?

Once I get this working, how does one go about using apache/mod_ssl to see WHO specifically is trying to connect?

If you need more info from my configs, please let me know :) I'm sorry for all the links to pastebin, but I figured that it was a lot easier than trying to format chunks of code in an ASCII-only email :P

- Pat
