httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Conner <>
Subject Re: [users@httpd] mod_ssl Client authentication question
Date Tue, 20 Jan 2009 18:59:54 GMT
It was thus said that the Great Brian Mearns once stated:
> Thanks for the detailed response, Sean. I'm still not entirely clear
> on one thing, though: If I created my own certificate and gave the the
> organization name "Conman Laboratories" and an Organzational unit name
> of "Clients", would I be able to get onto your site? I'm 90% sure that
> the answer is NO, because I'm not signed by the CA specified by the
> SSLCACertificateFile directive, but the Apache documentation, as I
> interpreted it, is not explicit that this directive applies an
> implicit condition to the SSLRequire directive.

  I think it does.  The client certificate didn't work util I added the CA
Certificate to the file pointed to by SSLCACertificateFile.  If I were to
add your CA Certificate to that file, then yes, you should be able to sign
certificates with an organization name "Conman Laboratories" and a unit name
of "Clients" and have it accepted.  

  Of course, you could always try signing a certificate with said
information and see what happens.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message