> Please, could you explain me where I can find documentation about Client
> Authentication.
> I want test it on our Intranet.
> I don't know how to generate Client Certificates and import them inside the
> browser.
>
I don't know too much about Documentation, but I can tell you more or
less how to generate certificates:
A client certificate is built in five steps.
1. Generate a public/private key pair
2. Generate a certificate request with you public key
3. Have your request signed by a CA
4. Merge your private key and the signed certificate into a pkcs12 file
5. Import this into your browser
openssl provides support for all these steps.
1. Generate a key pair
openssl genrsa -des3 -out my.key
2. Generate a certificate request with you public key
openssl req -new -key my.key -out my.csr
(Answer the following question for the certificate data)
3. Have your request signed by a CA
Send this request to a CA of your choice. How to build an own CA and
how to sign request is perfectly described in the mod_ssl FAQ.
4. Merge your private key and the signed certificate into a pkcs12 file
The CA should then provide you with a signed certificate in either PEM,
or DER Format. We assume PEM now and the file will be called my.crt
To generate a pkcs12 file, type:
openssl pkcs12 -inkey my.key -in my.crt -out my.p12 -name "My Name"
5. Import this into your browser
This depends on your browser.
In Netscape, click the lock icon, choose Certificate->Yours and then
press the "Import a certificate" button. Choose your file and:voila
Bye
Tim
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
