httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject Re: [users@httpd] SSL Cllient Certificate Requirements Question
Date Fri, 20 Jul 2012 01:22:03 GMT
On Thu, Jul 19, 2012 at 7:34 PM, Daniel Ruggeri <DRuggeri@primary.net> wrote:
> On 7/19/2012 10:11 AM, Tom Browder wrote:
>> I have a single server with a multiple vhost SSL certificate from a
>> recognized CA.  All vhosts are using SSL/TLS successfully and
>> exclusively with HSTS enforcement.
>>
>> I would now like to add SSL client certificates for individual vhost
>> private directory access and plan to do so using a self-generated,
>> self-signed CA certificate (self-CA) set up, with one certificate per
>> authorized user and vhost.  My question for my set up is this:
>>
>>   Does the client browser have to import anything other than its
>> assigned SSL client certificate?
...

> Since your servers are signed by a known CA, the browsers will only need
> to have a private key/certificate imported to function. In your httpd
> vhost, you will place your self-signed CA certificate (the one that
> signs the client certs) in the file pointed to by SSLCACertificateFile.

Thanks, Daniel!

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message