httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Conner <...@conman.org>
Subject Re: [users@httpd] mod_ssl Client authentication question
Date Tue, 20 Jan 2009 18:59:54 GMT
It was thus said that the Great Brian Mearns once stated:
> 
> Thanks for the detailed response, Sean. I'm still not entirely clear
> on one thing, though: If I created my own certificate and gave the the
> organization name "Conman Laboratories" and an Organzational unit name
> of "Clients", would I be able to get onto your site? I'm 90% sure that
> the answer is NO, because I'm not signed by the CA specified by the
> SSLCACertificateFile directive, but the Apache documentation, as I
> interpreted it, is not explicit that this directive applies an
> implicit condition to the SSLRequire directive.

  I think it does.  The client certificate didn't work util I added the CA
Certificate to the file pointed to by SSLCACertificateFile.  If I were to
add your CA Certificate to that file, then yes, you should be able to sign
certificates with an organization name "Conman Laboratories" and a unit name
of "Clients" and have it accepted.  

  Of course, you could always try signing a certificate with said
information and see what happens.

  -spc 




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message