Date: Tue, 20 Jan 2009 13:59:54 -0500
From: Sean Conner
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_ssl Client authentication question

It was thus said that the Great Brian Mearns once stated:
>
> Thanks for the detailed response, Sean. I'm still not entirely clear
> on one thing, though: If I created my own certificate and gave the
> organization name "Conman Laboratories" and an Organizational unit name
> of "Clients", would I be able to get onto your site? I'm 90% sure that
> the answer is NO, because I'm not signed by the CA specified by the
> SSLCACertificateFile directive, but the Apache documentation, as I
> interpreted it, is not explicit that this directive applies an
> implicit condition to the SSLRequire directive.

I think it does. The client certificate didn't work until I added the CA
Certificate to the file pointed to by SSLCACertificateFile. If I were to add
your CA Certificate to that file, then yes, you should be able to sign
certificates with an organization name "Conman Laboratories" and a unit name
of "Clients" and have it accepted.

Of course, you could always try signing a certificate with said information
and see what happens.

-spc
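
Added example, not part of the original message: the experiment suggested above, run offline with the openssl command line. It assumes the server checks client certificates against the file named by SSLCACertificateFile (SSLVerifyClient require), with `openssl verify -CAfile` standing in for that check; the CA names, the CN and the file names are made up for the test.

```shell
#!/bin/sh
# Constructed experiment: two throwaway CAs issue client certificates with the
# SAME subject. Only the one issued by the CA the server trusts verifies.

# O and OU are the values from the thread; the CN is a made-up test value.
SUBJ_CLIENT="/O=Conman Laboratories/OU=Clients/CN=test client"

make_ca() {        # $1 = work dir, $2 = CA name (hypothetical)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=$2/CN=$2 Root" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_client() {   # $1 = work dir, $2 = issuing CA name, $3 = output basename
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ_CLIENT" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -set_serial 1 -days 1 -out "$1/$3.crt" 2>/dev/null
}

chain_ok() {       # $1 = trusted CA file, $2 = client cert
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo accept; else echo reject; fi
}

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }

run_experiment() {
    d=$(mktemp -d) || return 1
    make_ca "$d" TrustedCA && make_ca "$d" OtherCA &&
    issue_client "$d" TrustedCA good &&
    issue_client "$d" OtherCA lookalike || return 1
    # Both certificates carry the identical subject DN...
    if [ "$(subject_of "$d/good.crt")" = "$(subject_of "$d/lookalike.crt")" ]
    then same=yes; else same=no; fi
    # ...but only one chains to the CA file the server was told to trust.
    good=$(chain_ok "$d/TrustedCA.crt" "$d/good.crt")
    look=$(chain_ok "$d/TrustedCA.crt" "$d/lookalike.crt")
    rm -rf "$d"
    echo "same_subject=$same good=$good lookalike=$look"
}

run_experiment
```

The matching subject fields alone do not make the second certificate verify; it would only do so if OtherCA's certificate were added to the trusted file, which is the case the reply describes.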