here is what i did to generate client sertificates. be aware of the clientakey.pem and clienta.pem are two different files.
1. openssl req -new -out clienta.csr -keyout clientakey.pem Enter the details for the certificate, i.e common name being the client/employee, \ "Joe Bloggs". 2. openssl x509 -req -in clienta.csr -out clienta.pem -CA YOUR_SERVERS_CERTIFICATE \ -CAkey YOUR_SERVERS_PRIVATE_KEY -CAcreateserial -days 365 -outform PEM 3. openssl pkcs12 -export -in clienta.pem -out clienta.p12 -inkey clientakey.pem \ -name "Joe Bloggs" Distribute clienta.p12 (rename clienta.p12 to Joe_Bloggs.p12) to client/employee. Haldor. On Thu, 4 Apr 2002 01:43:05 +0200 (MEST) [EMAIL PROTECTED] wrote: >[EMAIL PROTECTED] wrote: >> >> Hello modssl users ! >> >> I managed to set up an ssl aware web server. >> Although I searched the web and also the list >> archive I haven't been able to create a client >> certificate which is signed by my own CA for >> client authentication. >> >> Could someone describe the process of creating >> such a certificate in detail ? > > >Thank you Owen for your answer but you misunderstood >my question. >And you Maik misunderstood my question, too. >I, of course, read the FAQ and all the other available docs >but they say nothing about creating client (!) certificates ! >The process of creating a server certificate is sufficiently >documented in the FAQ and it was no problem for me to >create it. > >My question is: How can I create client (!) certificates for > client authentication to the server and not > server certificates ?! > >Anyone ? > >-- >GMX - Die Kommunikationsplattform im Internet. >http://www.gmx.net >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]