On Wed, Apr 05, 2000 at 01:38:14AM -0400, Michael Harvey wrote:
> Be Nice ,......I am new
>
> I Need Help with setting up CRLs
> I run a small www site for a special group
> I set up a Self signed CA
>
> My Problem.......
> each client has a cert that is checked
> How do I create a Proper CRL cert
> I tried..... but they still can log in
>
> or MSIE says "cannot determine the validity of this certificate because
> it cannot locate a valid certificate revocation list"

It doesn't matter at all what MSIE says about CRLs for the purpose of
access control based on client certificates.

You might want to implement a logic like "allow access to some web area
to clients who know private keys and have certificates signed by my CA".
Now, you will probably find it's hard to revoke such a logic.

The solution is to use client certificates as authentication and authorise
clients as the next, explicit step. Seems some coding is required here.
mod_auth_mysql would be an example, yes, one of the examples.

Hope this helps,
Vadim
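
The two-step approach described in the reply above, as an added example that is not part of the original message: the TLS layer authenticates the certificate, then an explicit lookup authorises it, so revoking a client is a one-row update. It assumes Apache mod_ssl exports SSL_CLIENT_VERIFY, SSL_CLIENT_I_DN and SSL_CLIENT_M_SERIAL to the application (SSLOptions +StdEnvVars); the table name, helper names and sample DN are hypothetical.

```python
import sqlite3

# Constructed sample issuer DN for a self-signed CA (not from the original post).
CA_DN = "/C=XX/O=Example Group/CN=Example Self-Signed CA"

def normalize_serial(serial):
    # Serials are hex strings; compare case-insensitively, without leading zeros.
    return serial.strip().upper().lstrip("0") or "0"

def open_acl(rows):
    """Build an in-memory authorisation table keyed by (issuer DN, serial)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE client_certs (
        issuer_dn TEXT NOT NULL, serial TEXT NOT NULL,
        username TEXT NOT NULL, revoked INTEGER NOT NULL DEFAULT 0,
        PRIMARY KEY (issuer_dn, serial))""")
    db.executemany(
        "INSERT INTO client_certs VALUES (?, ?, ?, ?)",
        [(i, normalize_serial(s), u, r) for i, s, u, r in rows])
    return db

def authorize(db, env):
    """Return the username if the request may proceed, else None."""
    # Step 1: authentication. The TLS layer must have verified the chain
    # and proof of possession of the private key.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    issuer, serial = env.get("SSL_CLIENT_I_DN"), env.get("SSL_CLIENT_M_SERIAL")
    if not issuer or not serial:
        return None
    # Step 2: authorisation. A valid signature from the CA is not enough;
    # the certificate must be listed and not marked revoked.
    row = db.execute(
        "SELECT username, revoked FROM client_certs "
        "WHERE issuer_dn = ? AND serial = ?",
        (issuer, normalize_serial(serial))).fetchone()
    if row is None or row[1]:
        return None
    return row[0]

def revoke(db, issuer, serial):
    """Revoke one certificate; takes effect on the next request."""
    db.execute(
        "UPDATE client_certs SET revoked = 1 WHERE issuer_dn = ? AND serial = ?",
        (issuer, normalize_serial(serial)))
    db.commit()
```
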