httpd-users mailing list archives

From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] SSL - How client certificates are verified?
Date Sun, 23 Aug 2015 15:51:02 GMT
Hello, what is your scenario? If you issue (sign) client certificates 
yourself, Apache can correctly verify them against a local CRL (certificate 
revocation list) file (a server restart may be required after a file 
update). There's information on the net concerning OCSP support for 
client authentication in newer versions of Apache (google 
SSLOCSPEnable), but I can see no real use for it save for some very 
complicated systems.

--

With Best Regards,
Marat Khalili

On 23/08/2015 09:51, Sterpu Victor wrote:
> Hello
> I have a web page that asks for client certificate.
> These are the options for this:
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> How does SSLVerifyClient verify the client certificate?
> Does this option protect against certificates manually made with a fake 
> public-private key pair?
> So can someone make a certificate identical with the original, attach 
> another set of public and private keys and pretend to be someone else?
> Thank you
>
>
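
Added example, not part of either message above: a shell demonstration of the two checks the thread touches on, with `openssl verify` standing in for the chain and CRL validation that mod_ssl performs under `SSLVerifyClient require`. It builds a throwaway CA, then checks a genuine certificate, a look-alike with the same subject and issuer names but different keys, and a genuine certificate that has been revoked. All names, subjects and files are constructed for the example, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: every name, subject and file below is made up.
# Assumes OpenSSL 1.1.1 or later on PATH.

# Build a throwaway PKI in directory $1 (runs in a subshell, so cwd is kept).
build_pki() (
    cd "$1" || exit 1
    # "ca" is the CA the server trusts; "fakeca" copies its name, not its key.
    for ca in ca fakeca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
            -keyout "$ca.key" -out "$ca.crt" 2>/dev/null || exit 1
    done
    # issue <file name> <subject CN> <signing CA>
    issue() {
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
            -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
    }
    issue alice alice ca || exit 1      # genuine certificate
    issue bob bob ca || exit 1          # genuine, revoked below
    issue fake alice fakeca || exit 1   # same names as alice, other keys
    # Revoke bob and publish a CRL signed by the real CA.
    printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
        'default_md = sha256' 'default_crl_days = 7' > ca.cnf
    : > index.txt
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
        -revoke bob.crt 2>/dev/null || exit 1
    openssl ca -config ca.cnf -cert ca.crt -keyfile ca.key \
        -gencrl -out ca.crl 2>/dev/null
)

# Print "accepted" or "rejected" for certificate $2 in directory $1, checking
# the signature chain to ca.crt and the revocation status in ca.crl.
check_cert() {
    if openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check \
        "$1/$2" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

demo() {
    d=$(mktemp -d) || return 1
    build_pki "$d" || return 1
    for c in alice fake bob; do echo "$c: $(check_cert "$d" "$c.crt")"; done
    rm -rf "$d"
}
demo
```

The look-alike is rejected because the trusted CA's signature covers the public key inside the certificate, and the revoked certificate is rejected only because the CRL is supplied and checked. This exercises certificate validation only; in a real TLS handshake the client must additionally prove possession of the private key matching the certificate it presents.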

