RE: client authentication

HEDGE,VANI (HP-Cupertino,ex1) Wed, 25 Apr 2001 14:23:22 -0700
Dave,
OK I am new to SSL and Apache, modlssl.
So, i can start with the client auth, using a browser first.
Can you please explain how you sign the client with your own ca cert?
Basically what are the steps that you need to do, to be a CA?
I find on the modssl guide, to use sign.sh but i am on NT. so do you know
any equivalent for Windows?
After singing the client csr, what are the steps we need to do on the client
side? What are the steps we need to do on the server side?

Thanks,
Vani.

-----Original Message-----
From: Deocs Postmaster [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: client authentication


At 01:19 PM 04/25/2001 , you wrote:
>Hi,
>i am developing an application, where the server needs to authenticate the
>client. On the client side i am using JSSE. On the server side i am using
>Apache with openssl.
>
>Can anyone tell me the step by step procedure, about
>1. How to make the server request the client, to send its certificate?
>I have added the following lines in httpd.cnf.
>
>SSLVerifyClient require
>SSLVerifyDepth 1
>
>But when i try to access the url using browser(to test the server
settings),
>i get an empty list box asking me to select the certificate to use when
>connecting.
>What do i need to do to see some certificates there?
>
>What do i need to do to access this secure site using a program?
>
>2.I want to be my CA
>3.How to add certs? etc etc?


I was able to get a Java Browser to connect to Apache+SSL, but it was
very difficult compared to my experiences with Netscape for IE.  Java
has its own cert file, and I found the Java rules strict and the Java
documentation scattered and inconsistent.  Some docs are here:

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html

About 2/5 of the way down is a section named "Importing Certificates"
and is a good start.  As I recall I had to look in other Java sites
to find more clues.  One of them indicated that some versions of Java
didn't work with Thawte certs.  At that point I reverted to an earlier
cert and things started working.  It did work with a cert that I signed.

Lots of luck, sorry I didn't have more information.

Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
RE: client authentication

Reply via email to
