httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <>
Subject Re: [users@httpd] mod_ssl Client authentication question
Date Tue, 20 Jan 2009 19:12:27 GMT
On Tue, Jan 20, 2009 at 1:59 PM, Sean Conner <> wrote:
> It was thus said that the Great Brian Mearns once stated:
>> Thanks for the detailed response, Sean. I'm still not entirely clear
>> on one thing, though: If I created my own certificate and gave the the
>> organization name "Conman Laboratories" and an Organzational unit name
>> of "Clients", would I be able to get onto your site? I'm 90% sure that
>> the answer is NO, because I'm not signed by the CA specified by the
>> SSLCACertificateFile directive, but the Apache documentation, as I
>> interpreted it, is not explicit that this directive applies an
>> implicit condition to the SSLRequire directive.
>  I think it does.  The client certificate didn't work util I added the CA
> Certificate to the file pointed to by SSLCACertificateFile.  If I were to
> add your CA Certificate to that file, then yes, you should be able to sign
> certificates with an organization name "Conman Laboratories" and a unit name
> of "Clients" and have it accepted.
>  Of course, you could always try signing a certificate with said
> information and see what happens.
>  -spc

Thanks, again, Sean. I appreciate the help.

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message