httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject [users@httpd] SSL Cllient Certificate Requirements Question
Date Thu, 19 Jul 2012 15:11:25 GMT
I have a single server with a multiple vhost SSL certificate from a
recognized CA.  All vhosts are using SSL/TLS successfully and
exclusively with HSTS enforcement.

I would now like to add SSL client certificates for individual vhost
private directory access and plan to do so using a self-generated,
self-signed CA certificate (self-CA) set up, with one certificate per
authorized user and vhost.  My question for my set up is this:

  Does the client browser have to import anything other than its
assigned SSL client certificate?

One source I've found says I will also have to have my self-CA
certificate available for import by each client browser but another
source says no (I can provide the sources later when I get access to
my own computer).  The Apache 2.4 docs, as I interpret them, imply
that they are two separate things and only the single client
certificate will have to be imported since the session SSL connection
is created through the widely-recognized CA certificate.

(I apologize for any unclear terminology--I am still trying to sort it all out.)

Thanks.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message