At 01:19 PM 04/25/2001 , you wrote:
>Hi,
>i am developing an application, where the server needs to authenticate the
>client. On the client side i am using JSSE. On the server side i am using
>Apache with openssl.
>
>Can anyone tell me the step by step procedure, about
>1. How to make the server request the client, to send its certificate?
>I have added the following lines in httpd.cnf.
>
>SSLVerifyClient require
>SSLVerifyDepth 1
>
>But when i try to access the url using browser(to test the server settings),
>i get an empty list box asking me to select the certificate to use when
>connecting.
>What do i need to do to see some certificates there?
>
>What do i need to do to access this secure site using a program?
>
>2.I want to be my CA
>3.How to add certs? etc etc?
I was able to get a Java Browser to connect to Apache+SSL, but it was
very difficult compared to my experiences with Netscape for IE. Java
has its own cert file, and I found the Java rules strict and the Java
documentation scattered and inconsistent. Some docs are here:
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
About 2/5 of the way down is a section named "Importing Certificates"
and is a good start. As I recall I had to look in other Java sites
to find more clues. One of them indicated that some versions of Java
didn't work with Thawte certs. At that point I reverted to an earlier
cert and things started working. It did work with a cert that I signed.
Lots of luck, sorry I didn't have more information.
Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
