httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18575] New: - document how to allow a variety of client certificates similar to SSH's authorized_keys file?
Date Tue, 01 Apr 2003 17:21:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18575>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18575

document how to allow a variety of client certificates similar to SSH's authorized_keys file?

           Summary: document how to allow a variety of client certificates
                    similar to SSH's authorized_keys file?
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: All
               URL: http://httpd.apache.org/docs-
                    2.0/ssl/ssl_howto.html#certauthenticate
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Documentation
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: hauser@acm.org


Amend documentation telling how it is possible to specify client certificate
access similar to what is achieved with the .ssh/authorized_keys file?

If I want to allow a selective mix of self-signed and CA-signed client
certificates of various depths, it appears that this is difficult to realize
just by having the proposed DNs in the AuthUserFile and the
SSLCACertificateFile/SSLCACertificatePath directives where all CA certificates
need to be included.

Especially, it it is not clear to me which depth I would choose in 
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifydepth?
Maybe "1", but then all intermediate CA certs would have to be stored in
SSLCACertificate* as well?

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message