httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <mearn...@gmail.com>
Subject Re: [users@httpd] mod_ssl Client authentication question
Date Tue, 20 Jan 2009 19:12:27 GMT
On Tue, Jan 20, 2009 at 1:59 PM, Sean Conner <spc@conman.org> wrote:
> It was thus said that the Great Brian Mearns once stated:
>>
>> Thanks for the detailed response, Sean. I'm still not entirely clear
>> on one thing, though: If I created my own certificate and gave the the
>> organization name "Conman Laboratories" and an Organzational unit name
>> of "Clients", would I be able to get onto your site? I'm 90% sure that
>> the answer is NO, because I'm not signed by the CA specified by the
>> SSLCACertificateFile directive, but the Apache documentation, as I
>> interpreted it, is not explicit that this directive applies an
>> implicit condition to the SSLRequire directive.
>
>  I think it does.  The client certificate didn't work util I added the CA
> Certificate to the file pointed to by SSLCACertificateFile.  If I were to
> add your CA Certificate to that file, then yes, you should be able to sign
> certificates with an organization name "Conman Laboratories" and a unit name
> of "Clients" and have it accepted.
>
>  Of course, you could always try signing a certificate with said
> information and see what happens.
>
>  -spc
>

Thanks, again, Sean. I appreciate the help.
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message