Hi,

I have a CA, and I have a web server. The web server's cert is signed by the CA. On this server I want to only allow those clients which have valid certs for accessing it (no anonymous access, that is). In Apache this is done by adding a list of the users' certs. This is fairly simple.

If I have understood the principles correctly, the user's certificates must contain the user's private key, right? How do I create (with openssl) a certificate for each of these users, which would be installable on the clients' browsers (in PEM or DER format)? Finally, for the server's safety, I must sign these private certs with either the CA or the web server.

Please note that I have read the http://www.pseudonym.org/ssl/ssl_cook.html page. Is this the only way to do it? Is it possible for a server to make these client certificates and distribute them to the users in an offline manner, which the users in turn can install on their browsers?

Regards,
Svein

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
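
Added example, not part of the original post: one way to do what the message asks with the openssl command line, issuing a CA-signed client certificate and bundling it with its private key as a password-protected PKCS#12 file, the format browsers import (the certificate itself holds only the public key). The demo CA, the user name alice, the export password and all file names are constructed for illustration.

```sh
#!/bin/sh
# Added example. The demo CA, user names, password and paths are constructed.
set -eu

make_demo_ca() {            # $1 = work dir; stands in for the CA you already run
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_client_cert() {       # $1 = work dir, $2 = user name, $3 = export password
    dir=$1; user=$2; pass=$3
    # 1. Key pair plus signing request; the request carries only the public key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$user" \
        -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null
    # 2. Restrict the certificate to TLS client authentication.
    printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
        'extendedKeyUsage=clientAuth' > "$dir/client.ext"
    # 3. The CA signs the request.
    openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/client.ext" \
        -out "$dir/$user.crt" 2>/dev/null
    # 4. Bundle key + certificate + CA certificate for browser import.
    #    (pass: is visible in the process list; file: or env: avoid that.)
    openssl pkcs12 -export -inkey "$dir/$user.key" -in "$dir/$user.crt" \
        -certfile "$dir/ca.crt" -name "$user" -passout "pass:$pass" \
        -out "$dir/$user.p12"
    # 5. Do not keep the user's private key on the issuing host.
    rm -f "$dir/$user.key" "$dir/$user.csr"
}

verify_client_cert() {      # $1 = work dir, $2 = user name
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
make_demo_ca "$work"
issue_client_cert "$work" alice 'constructed-export-pass'
verify_client_cert "$work" alice && echo "client bundle: $work/alice.p12"
```

With mod_ssl, SSLVerifyClient require together with SSLCACertificateFile pointing at the CA certificate makes Apache accept only certificates issued this way. The .p12 file and its password should reach the user over separate channels.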