httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antoine de Lobel-Mahy" <adelo...@meeschaert.com>
Subject RE: [users@httpd] using client certificates with apache 2.0
Date Thu, 19 Sep 2002 17:32:46 GMT
Hi everybody, 

I find the answer alone, as a big person :-)))
The problem was on my client certificate.
DER extension for this was not ok,
the client certificate file must be a p12 extension 
with the good option on creation :
$ openssl pkcs12 -export -inkey keyfile -in infile -out outfile.p12

thanks for all.

Antoine

> -----Message d'origine-----
> De : Antoine de Lobel-Mahy [mailto:adelobel@meeschaert.com]
> Envoyé : jeudi 19 septembre 2002 18:11
> À : users@httpd.apache.org
> Objet : [users@httpd] using client certificates with apache 2.0
> 
> 
> Hello,
> 
> My apache server is now running ok with SSL.
> 
> I have again a little problem, someone can help me?
> 
> I have a root certificate : "root-mee.crt". This file is on 
> my client (IE 6) and on server
> I have a server certificate : "srv-mee.pem" and the key  : 
> "srv-mee.key". Those files are on my server.
> 
> I have too a client certificate : "antoine.der". this file is 
> on my client (IE 6).
> 
> All certificates are create with openssl 0.9.6.
> srv-mee.pem and antoine.der are signed with root-mee.crt.
> 
> 
> In the httpd.conf, I have those lines :
> 
> SSLCertificateFile = ....../srv-mee.pem
> SSLCertificateKey = ....../srv-mee.key
> 
> SSLCACertificateFile = ....../root-mee.crt
> ..
> ..
> ..
> <Virtualhost myserver:443>
> 	SSLEngine on
> 	Documentroot "....."
> 	DirectoryIndex Index.html
> 	Servername myweb.mydomain.com
> 	ServerAlias myweb
> 	SSLVerifyClient	require
> 	SSLVerifyDepth	1
> </Directory>
> 
> 
> When SSLVerifyClient, SSLVerifyDepth are uncomment, I cannot 
> connect my client on server.
> Where is the problem, Someone knows the way of solution?
> 
> 
> Thanks for your help.
> 
> Antoine
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message