Dmitry Morozovsky schrieb:
>
> On Tue, 29 Jun 1999, Holger Reif wrote:
>
> [skip]
>
> > BTW why do you think it's wrong to issue completely
> > new certs for your users that already have other
> > certs? Don't you have more than one oficial id
> > document like passport, drivers licence etc.
>
> Well, at least i prefer to minimize cases when clients could be disturbed by
> "stupid" questions like "what cert do you want to use with this site"
>
> Or did I miss something?
You missed the SSLCACertificate{Path|File} ;-)
It's just a matter of configuring only your own ClientCa here.
If they don't have a client cert from your CA you most
probably don't need to care about their problems.
> > If you want to rely on other's CA work you should
> > make some restrictions with SSLRequire directive.
>
> Surely, I've already did it -- or esle how could I get existing client cert
> and verify it's not a fake? ;-)
Of course, but that becomes tricky, if you have big
base of clients. Putting them all into SSLRequire is
not very handy...
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
