I am also very interested in this issue. I have an application that uses the Digital
Certificate to identify the user. I have used test server certificates and test client
certificates from Verisign (http://www.thawte.com/) and it works, but I want to specify
which CAs I want to accept or if I want to accept all CAs.
If you get information about this subject, please send it to the list.

It would be a good thing if the OrionServer Team answered some questions on this list.

David Elliot wrote:

> Hi all,
>
> Has anybody managed to add additional trusted Certificate Authorities
> to those available with the default Orion install?
>
> After configuring Orion to use SSL using the provided docco I
> accessed the secure site and bingo, worked first time (as opposed
> to iPlanet, Tomcat!).  However I need to use client-auth
> (authentication from client certificates) so the next step was
> to turn client-auth on.
>
> Unfortunately the client certificates installed in my browser
> have been issued by my company's own CA (not by Verisign & Co),
> and it looks as though Orion is not prepared to trust client
> certificates signed by this CA.  I'm guessing this because when
> IE provides a list of client certificates to submit to the Orion
> challenge, the list is empty.  Presumably this means Orion is
> not listing my company's CA in the list of CAs it is prepared
> to trust??
>
> I have tried adding my company's CA certificate to the 'cacerts'
> keystore believing that Orion might be picking up its list of trusted
> CAs from there.  Unfortunately that did not work...still an empty
> list of client certs provided by IE (I do know the client certs are
> installed correctly in IE as other SSL servers here can request and
> use them...)
>
> Any thoughts on how to add trusted CAs to Orion greatly
> appreciated...!!
>
> Dave Elliot
> [EMAIL PROTECTED]