I guess I'll include this as well... http://www.phpfreaks.com/forums/index.php?topic=346615.0
This is a link to a Forum thread that I tried to originally seek advice in, but to no avail... This might answer questions / give you a more .. flowing .. progression of events as they came to pass.

On Thu, Nov 3, 2011 at 9:44 AM, Patrick Litke <[email protected]> wrote:

> ... I tend to do things that are usually new to me, and frequently
> innately irritating (but so cool!). But hey, that's what being a nerd is
> all about, isn't it?
>
> I have my own personal server set up at my house (been doing a lot of work
> hardening it after those Romanian kids gave me a scare..) - noobitron.com
> I've turned into a security nut, and have for the past couple months been
> going crazy trying to absorb as much as I can, with my most recent project
> being certificate based authentication using Apache2 and mod_ssl.
>
> Now, I'm not just some kid shooting blind here - I like to think that I've
> got a pretty good grasp on Linux and the Apache config files, but I cannot
> for the life of me get this to work.
>
> Config Excerpts:
> http://pastebin.com/tg7zTpWe
> http://pastebin.com/KNCiUeG6
>
> OpenSSL Diagnostic Info:
> http://pastebin.com/asTvVJQe
>
> Side Note:
> Using : http://pastebin.com/MCRVjzsc
> I now get : http://pastebin.com/Dbdg2QBg -> CA Failure Alert - No trust
> from the CA, but it's the same CA/set of certs that I'm using to secure my
> server (startcom, free class1 certs)
>
> Problem: Going to my /sekrit folder (www.noobitron.com/sekrit) gives me a
> handshake failure alert, regardless of whether or not I have my certificate
> installed in my browser. So I have a couple questions that may or may not
> shed some light on my issues, but I'm also hoping that you troll gurus can
> lend a hand :P
>
> Do the (and I lack the vocabulary here..) Code Values (eg: C = IL, O =
> StartCom Ltd.) need to be same when I create the certificate for the
> browser (prior to signing it)?
> Do I need a special key/cert file that I currently do not have to be able
> to sign my browser certificates?
> Once I get this working, how does one go about using apache/mod_ssl to
> see WHO specifically is trying to connect?
>
> If you need more info from my configs, please let me know :)
>
> I'm sorry for all the links to pastebin, but I figured that it was a lot
> easier than trying to format chunks of code in an ascii only email :P
>
> - Pat
