On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers <r.ted.by...@gmail.com> wrote:
> Hi All

Hi, Ted.

I, too, have been looking for something like you have. I am in the process of creating a Perl program that may be able to help you (for at least part of your requirements), but I first can point you to one of the most current references I can find for openssl configuration:

http://www.phildev.net/ssl/

It's a little outdated in that the following openssl conf object names are no longer valid (at least as of the latest stable release: openssl-1.0.1c):

# challengePassword_max
# challengePassword_min
# commonName_max
# countryName_max
# countryName_min
# emailAddress_max

I plan to release my program on GitHub when I have it working. It is designed for my workflow:

+ multiple virtual hosts on a single Apache server
+ one private CA for each vhost
+ all users requiring access to the private area for a vhost must have an SSL client certificate generated and signed by that vhost's CA (and I control the entire CA process as well as the server)

I will provide the user passwords for the client certs to my intermediate helpers via the USPO and the individual client certificates via e-mail. The users have to get their passwords from the helpers via telephone. The passwords are similar to Microsoft client keys but are case sensitive.

I will use known email addresses as user names and require the users to enter it when logging onto the site. Apache will reject them if their SSL cert and email don't match.

I will rely on my web of trust through my intermediate helpers (all of whom I know) to verify their assigned users (whom they know) and their emails.

Best regards,

-Tom
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
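
An Apache mod_ssl configuration for the layout described in the message above (one private CA per virtual host, client certificates required for the private area), added here as an illustration and not taken from Tom's program. Host names, addresses, file paths and the /private location are placeholders, and passing the certificate's email to the site's login code through REMOTE_USER is an assumption about how the email comparison could be done.

```apache
# Constructed example: names, addresses and paths are placeholders.

# Virtual host A: client certificates must chain to CA "A" only.
<VirtualHost 192.0.2.10:443>
    ServerName a.example.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/a/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/a/server.key

    # Only this vhost's private CA is trusted for client authentication,
    # so a certificate issued by vhost B's CA fails verification here.
    SSLCACertificateFile  /etc/apache2/ssl/a/client-ca.crt
    SSLVerifyClient none

    <Location /private>
        # Require a client certificate signed directly by the CA above.
        SSLVerifyClient require
        SSLVerifyDepth  1
        # Assumption: expose the certificate's email as REMOTE_USER so the
        # site's login code can compare it with the address the user types.
        SSLUserName SSL_CLIENT_S_DN_Email
    </Location>
</VirtualHost>

# Virtual host B: same layout, but trusting only CA "B".
<VirtualHost 192.0.2.11:443>
    ServerName b.example.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/b/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/b/server.key

    SSLCACertificateFile  /etc/apache2/ssl/b/client-ca.crt
    SSLVerifyClient none

    <Location /private>
        SSLVerifyClient require
        SSLVerifyDepth  1
        SSLUserName SSL_CLIENT_S_DN_Email
    </Location>
</VirtualHost>
```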