Hiya

Thawte gives out free client certs. You have to enroll (free), and then
you can come back with your username/password and get as many certs as
you like.

If you want client certs for authentication and email, I genuinely think
your best bet is the Strong Extranet. You can set it up and test it
absolutely free, and if you run with it through Thawte it will cost you
$1000 per year for up to 10,000 users. You should also be able to get
SSLeay to work well, which is free.

To test strong extranet authentication:

  1. get mod_sxnet from ftp://ftp.thawte.com/pub/
  2. un-tar it somewhere
  3. ./configure --activate-module=/path/to/sxnet/mod_sxnet.c
  4. build httpsd
  5. enroll in the Thawte personal cert system
  6. go to https://www.thawte.com/cgi/personal/sxnet/demo/self.exe
  7. give yourself a username
  8. get a cert at https://www.thawte.com/cgi/personal/cert/enroll.exe
     and make sure you check the "dummy extranet id" flag.


Then add this to the config for a virtualhost:

SSLVerifyClient 3
SSLVerifyDepth 3
AuthType StrongExtranet
SXNetZone 3
require valid-user

Now connect to that virtualhost. It will ask you to present a client
cert. Present the cert you got. View your access log; you will see
that your server extracted your username from the certificate!

Cheers,

--
Mark Shuttleworth
Thawte
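
The last step above has the server pull a per-zone user ID out of the client cert. The sketch below is an added example, not code from mod_sxnet or from the message: it walks a DER-encoded Strong Extranet value and returns the ID for one zone (zone 3, matching SXNetZone 3). The structure layout is the one OpenSSL defines for its SXNET type; that mod_sxnet reads the same layout is an assumption, and the sample bytes and IDs are constructed.

```python
# Added example, not code from mod_sxnet. Layout assumed from OpenSSL's SXNET type:
#   SXNET   ::= SEQUENCE { version INTEGER, ids SEQUENCE OF SXNETID }
#   SXNETID ::= SEQUENCE { zone INTEGER, user OCTET STRING }
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04

def read_tlv(buf, pos, want_tag):
    """Return (value_bytes, next_pos) for the DER element at pos, checking its tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    if pos + length > len(buf):
        raise ValueError("DER value overruns buffer")
    return buf[pos:pos + length], pos + length

def parse_sxnet(ext_value):
    """Return {zone: user_id_bytes} from a DER-encoded SXNET value."""
    body, end = read_tlv(ext_value, 0, SEQUENCE)
    if end != len(ext_value):
        raise ValueError("trailing bytes after SXNET")
    _version, pos = read_tlv(body, 0, INTEGER)
    ids, pos = read_tlv(body, pos, SEQUENCE)
    if pos != len(body):
        raise ValueError("trailing bytes inside SXNET")
    zones, pos = {}, 0
    while pos < len(ids):
        entry, pos = read_tlv(ids, pos, SEQUENCE)
        zone, p = read_tlv(entry, 0, INTEGER)
        user, p = read_tlv(entry, p, OCTET_STRING)
        if p != len(entry):
            raise ValueError("trailing bytes inside SXNETID")
        zones[int.from_bytes(zone, "big", signed=True)] = user
    return zones

def user_for_zone(ext_value, zone):
    """ID a server configured for `zone` would use; None means no ID, so deny."""
    return parse_sxnet(ext_value).get(zone)

# Constructed sample value: version 0, zone 3 -> b"demo-user", zone 7 -> b"other"
SAMPLE = bytes.fromhex(
    "3021020100301c" "300e0201030409" "64656d6f2d75736572" "300a0201070405" "6f74686572")
```

A cert that verifies but has no entry for the configured zone yields None here, which an access check should treat as a denial rather than as an anonymous user.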
