I am trying to set up a system where client needs to authenticate itself
to the Server. Server authentication is not required. Both client and
server are on Win NT. The client code is written using JDK 1.2.2 and
JSSE1.0.2.
The setup is as follows:
Apache : 1.3.6
mod_ssl : 2.3.11
openssl : 0.9.6
I am using document at following link to do the setup:
http://www.pseudonym.org/ssl/wwwj-index.html#ssl_inst
I have completed the following:
(1) Created a self-signed CA certificate using the command
$SSLDIR/bin/openssl req -new -x509 -keyout ${SSLDIR}/private/CAkey.pem
\
-out ${SSLDIR}/private/CAcert.pem
-config /usr/local/ssl/openssl.cnf
The files generated are CAkey.pem and CAcert.pem.
(2) As server authentication is not required, I skipped to the step to create client certificate.
(3) For creating client certificate and getting it signed by the CA
certificate generated in (1)
above, what are the options ?
I tried to create client certificate
via Netscape, assuming I can export it later to use it in my
code. The link in the HTML form entry,
<FORM NAME="GenerateForm" ACTION="http://www.pseudonym.org/cgi-bin/ns_key.pl">
said: This link failed, so we tried
to modify the perl script and run on our Apache web server. The error
we got was
[error] [client someIPAddress] (2)No
such file or directory: couldn't spawn child process: d:/apache/cgi-bin/nsexe.pl
Any help in steps to create client certificate certified by self-signed
CA certificate generated by me, so that I
can use it with the Java code using JSSE will be appreciated. The shell
scripts (e.g. cca.sh) do not work on NT.
If I need to go through NS or IE and then export it, please give details
of the same.
regards,
- divyen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
