httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ahnjoan Amous" <ahnj...@gmail.com>
Subject [users@httpd] Trusting a single intermediate CA vs all of the intermediate CAs of a particular root CA
Date Sat, 16 Aug 2008 22:57:37 GMT
Anyone know if it is possible to configure Apache for pki
authentication so that only certificates from a single intermediate CA
are allowed access rather than certificates from all of the
intermediate CAs of a particular root CA?

I've...
Added the root CA and intermediate CA certificates to
SSLCACertificateFile, and the CRLs for both to SSLCARevocationFile and
it allows access to users with certificates from an intermediate CA
that isn't included but that is under the same root CA.

Added only the intermediate CA certificate to SSLCACertificateFile,
and the CRL for that CA to SSLCARevocationFile and the error logs that
it is "unable to get local issuer certificate"

Same as just above, but with adding the RootCA to the
SSLCertificateChainFile thinking this could also apply for client
side.

Manipulated the SSLVerifyDepth count but believe that this isn't going
to help me either...

Thanks for any pointers

Ahnjoan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message