Good Afternoon Everybody,
I am not sure if it is the right forum to ask this question. If not
please guide me.
mod_ssl provides fabulous mechanism of doing client authentication. It
does so by issuing client certificates signed by your own CA
certificate ca.crt.
How we can use mod_ssl
- Original Message
From: Jan Stian Gabrielli [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Thursday, September 25, 2008 9:37:00 AM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Thank you very much Matt .
That solved it :).
I now have Client
Gabrielli [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Tuesday, September 23, 2008 1:39:16 PM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Ok. This seems like a viable solution.
Ie.
I use an approved CA signed cert to verify the site auhtentisity, and i
Gabrielli [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a third
party where one does not have access to their root ca key ?.
Ie.
I
: Jan Stian Gabrielli [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.0
yvin Smme wrote:
Joe Orton wrote:
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
Im trying to setup a system where the client authentication for a special
directory should be done via client certificates. I have set up a CA (using
OpenSSL) and the according certificate and key files for the CA the server
and a client
Harry Knitter wrote:
Am Samstag, 11. Juni 2005 10:34 schrieb Harry Knitter:
Im trying to setup a system where the client authentication for a special
directory should be done via client certificates. I have set up a CA (using
OpenSSL) and the according certificate and key files for the CA
Am Montag, 13. Juni 2005 09:49 schrieb Charles-Edouard Ruault:
Well to prevent access in http you should place a deny directive in the
http related part of your config file.
Location /yoururl
deny from all
/Location
I think this will be the only solution. However the documentation says:
Hi.
I have read the instructions at:
http://www.modssl.org/docs/2.8/ssl_howto.html#ToC9
and successfully set up a web server which runs HTTPS and requires
client certificates for authentication.
However, I am not 100% pleased with neither of the *two* methods. What I
dislike is the *user-id*
On Fri, Jun 03, 2005 at 08:56:56AM +0200, yvin Smme wrote:
Method 2 (SSLRequire):
The user-id field is just '-'.
Can I somehow configure apache/mod_ssl to only store certain elements of
the DN (e.g. the CN in the DN) as the user-id in the access-log?
mod_ssl in httpd 2.0 supports the
On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
Hi,
I installed Bugzilla, and the directory it is in has the
VerifyClient require
and all the Apache directives set in the httpd.conf file. It works fine
(the browsers makes me choose a client certificate) but when I submit a form
into Bugzilla I get an error to the effect that POST is not
On Sat, 2004-12-25 at 15:37 -0500, David T. Ashley wrote:
Hi,
I installed Bugzilla, and the directory it is in has the
VerifyClient require
and all the Apache directives set in the httpd.conf file. It works fine
(the browsers makes me choose a client certificate) but when I submit a
On Sat, 25 Dec 2004, Adolfo Bello wrote:
It just doesn't work in Apache 2.0.x.
Use Apache 1.3.x.
That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/
--Cliff
__
On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
It just doesn't work in Apache 2.0.x.
Use Apache 1.3.x.
That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/
--Cliff
I heartily
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
Usually the trick to getting something
On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote:
On Sat, 25 Dec 2004, Adolfo Bello wrote:
I heartily agree.
Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(
This bug was opened on 2002-09-06
I am away until the 14th April 2004
I will get back to you as soon as i can when I return.
If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online
then please contact one of the other members of the OLSU team who will try to help.
I want to setup two webservers with different domains,lets say www.domain1.comand www.domain2.comI want to host these webservers on a single apacheserver using vhosts, but ... There are twodifferent known clients accessing these webservers:client1 and client2.Now I want to issue an
I want to setup two webservers with different domains,
lets say www.domain1.com
and www.domain2.com
I want to host these webservers on a single apache
server using vhosts, but ... There are two
different known clients accessing these webservers:
client1 and client2.
Now I want to
Guys, just to ley you know that I have solved the problem.
The CA cert I was using was bad (wrong extensions set). That is why
Apache/mod_ssl was saying that it was an invalid CA cert. Using a different
CA solved my problem and I can use client certs to log on fine now !
Many thanks for your
Hello there Martial,
many thanks for you quick reply.
We also have: root CA - sub CA - client or server cert
we have put the root and sub CA in a directory pointed by:
SSLCACertificatePath
In seperate files ?
In this directory we have the attatched Makefile that we run to make a
I have this setup, this should work...
SSLCertificateFile
/opt/DKBapache/conf/ssl.crt/server.crt
SSLCertificateKeyFile
/opt/DKBapache/conf/ssl.key/server.key
SSLCACertificateFile
/opt/DKBapache/conf/ssl.crt/CA.crt
SSLVerifyClient require
SSLVerifyDepth 2
The CA.crt file contains the Root and
Le 24 Oct, Chris Covell a ecrit :
Hello there Martial,
many thanks for you quick reply.
We also have: root CA - sub CA - client or server cert
we have put the root and sub CA in a directory pointed by:
SSLCACertificatePath
In seperate files ?
Yes each Ca is in a separate
Many thanks to those of you who have helped me on this.
Unfortunately I still have the problem. I have also duplicated the problem on
a completely different environment, so I think it is either me, or the
certificates I am using !
I have taken all of you advice and set up the web server like
PROTECTED]
Kopie:
Thema: Re: Problem with Reverse Proxy and Client
Hello,
we want to setup a reverse proxy (http in, https to the backend IBM HTTP
Server) with client authentication to the backend.
On Linux and WinNT 4 SP5 (with Apache 2.044 and OpenSSL 0.97) we are both
getting segmentation faults or exits (see below). We checked the
communication through
Hi,
I apologise for cross-posting - I'm really not sure which component is at
fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list (or some
other venue) dedicated to mod_jk?
My environment is Apache 1.3.22, mod_ssl 2.8.5, OpenSSL 0.9.6b, tomcat 4.0.3.
I have a servlet mounted like
I realised that I included irrelevant log snipet from the SSL log. Please
see the correction below.
Aaron Stromas said:
Hi,
I apologise for cross-posting - I'm really not sure which component is
at fault, looks like mod_ssl but possibly mod_jk. BTW, is there a list
(or some other venue)
SSLVerifyClient require
SSLVerifyDepth 1
* Because the client authentication fails, server closes the connection,
which at the client side results in: Exception while waiting for close
java.net.SocketException: Cannot send after socket shutdown: JVM_recv in
socket input stream read
We have problem with client authentication from some client.
On server side we use Apache 1.3.24 with mod_ssl 2.8.8.
All client use MS IE 5 or higher and MS Windows 98-2000.
From some client is client authentication without problems, but from some
not.
I think, certificate on client is installed
the path for SSLCACertificateFile was wrong.
know its working
-Ursprüngliche Nachricht-
Von: Jochen Vogel [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 6. Juni 2002 13:14
An: '[EMAIL PROTECTED]'
Betreff: Client Authentication Problem
hi,
i created a CA and a ClientKey
hi,
i created a CA and a ClientKey witch i imported in my Client.
in httpd.conf i configured
Alias /test/ /opt/www/test/
Directory /opt/www/test/
Options Indexes
Order allow,deny
Allow from 192.168.0.142
SSLVerifyClient require
SSLVerifyDepth 1
Hi,
i´m trying to use Client Authentication with
certificates... so I´m using
apache_1.3.22
mod_ssl_2.8.5-1.3.22
openssl-0.9.6c
and the apache configurations is like
this
VirtualHost
192.168.254.142:443 ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/www-data/443.psmi.com.br ServerName
Group
Nashua, NH 03062 Business Critical Server Group
(603) 884-0634
-Original Message-
From: Barry, Richard
Sent: Wednesday, April 24, 2002 10:42 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [BugDB] Client Authentication BUG with FakeBasicAuth
(PR#695)
This submission is missing
Nashua, NH 03062 Business Critical Server Group
(603) 884-0634
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 6:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [BugDB] Client Authentication BUG with FakeBasicAuth (PR
Full_Name: Sergio Rabellino
Version: 2.8.8
OS: Solaris 7
Submission from: (NULL) (130.192.239.73)
The if in ssl_engine_kernel.c at line 1130 to check against DN/password
authorization
directly form a client, break also the internal redirect done by apache under
some conditions, as the directory
Sorry for my repost,
but we continue to get an error if requesting an automatic listing from a directory
under Client Authentication with FakeBasicAuth enabled.
We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 / OpenSSL
0.9.6), now we would to upgrade our apache engine
under Client Authentication with FakeBasicAuth enabled.
We are using successfully an old release (Apache 1.3.14 / ModSSL 2.7.1 /
OpenSSL 0.9.6), now we would to upgrade our apache engine for the
bugfixes, but even with the 1.2.23/2.8.7 or the 1.3.24/2.8.8 releases, we got
errors Access Forbidden
Hi
Is there a possibility in mod_ssl to define an Error Page for the case
when a required Client Autentication fails? I haven't come across anything
appropriate in the documentation, however I thought there really should be
something like this.
Bye
Tim
Hello.
I have successfuly done Client Authentication using client certificates with
apache-openssl-modssl.
SSLVerifyClient none
Directory /usr/local/apache/htdocs/secure/area
SSLVerifyClient require
SSLVerifyDepth 5
#SSLCACertificateFile conf/ssl.crt/ca.crt
Hi,
..htaccess (I missed the beginning of this question) - have you made sure
that AllowOverride allows the usage of .htaccess within those directories?
Yes I do have something like this on my httpd.conf file:
Directory /home/*/*/www
AllowOverride Options AuthConfig Limit
Options
r client authentication access control to their directory.Is there any bug with previous versions of mod_ssl which would make client authentication fails?
Not in any of the recent versions ... but since you seem to be wanting.htaccess (I missed the beginning of this question) - have you made
Hi, list,
I used .htaccess to add client authentication to access a particular directory.
However it seems that .htaccess is not processed occassionally when http request is
made to an object in that directory. Anything wrong with my configuration?
SSLRequireSSL
SSLVerifyClient require
Try to put all these directives in httpd.conf file and
also try to put the SSLRequire directive as follows
LOCATION
SSLRequire %{SSL_CLIENT_M_SERIAL} eq A6
/LOCATION
-- Shiva
--- Angus Lee [EMAIL PROTECTED] wrote:
Hi, list,
I used .htaccess to add client authentication to
access
Hi,
Try to put all these directives in httpd.conf file and
also try to put the SSLRequire directive as follows
But I want each user to set their client authentication access control to their
directory.
Is there any bug with previous versions of mod_ssl which would make client
On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote:
Hi,
Try to put all these directives in httpd.conf file and
also try to put the SSLRequire directive as follows
But I want each user to set their client authentication access control to their
directory.
Is there any bug
Dear all:
I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the
server cert and key,and the apache with openssl can works well.
but when I want to configure the client authentication,it can not start.
my configure looks like:
SSLMutex sem
SSLRandomSeed
Dear all:
I have installed apache+mod_ssl+openssl on the windows 2000,and I also create the
server cert and key,and the apache with openssl can works well.
but when I want to configure the client authentication,it can not start.
my configure looks like:
SSLMutex sem
SSLRandomSeed
Hello.
Has anyone successfuly done Client Authentication using client
certificates with apache-openssl-modssl ? (server has self signed
certificate and Client has a GlobalSign Certificate)
or knows about a good tutorial?
thanks...
--
Marcelo Maraboli Rosselott
Ingeniero Civil
On Tue, Oct 23, 2001 at 07:44:35AM -0300, Marcelo Maraboli wrote:
Hello.
Has anyone successfuly done Client Authentication using client
certificates with apache-openssl-modssl ? (server has self signed
certificate and Client has a GlobalSign Certificate)
works just fine for me
Angus Lee wrote:
I'm not sure if SSL client authentication used up all my system resources and CPU
processing power or my poor Perl programming technique leads to the fault. Can
someone help? Thank you.
Easy way to check - make a normal HTTP virtualhost with the same
content/functionality
Hi,
Easy way to check - make a normal HTTP virtualhost with the same
content/functionality and see if you get the same problem.
I guess the hang-up is due to DBD::mysql. I found that the CPU usage drmatically
increased to 80% when accessing the mySQL database using DBD::mysql Perl module.
Hi,
I've written a Perl script which must be invoked through the web browser by using SSL
client authentication mode. On the server which this Perl script runs, it also runs a
mySQL database server. This server runs Windows 2000 Server.
My Perl script will first do some checking by querying
I haved try many method, but can't solve my
problem.
I configuremy apache in client
authentication.After client choosing user login(user can choose viewer),
the connection is disconnect(authentication failed). But if client choose the
user cert issued by apache(not third party CA), the
On Sun, Sep 16, 2001 at 10:16:12PM +0800, joan wang wrote:
I haved try many method, but can't solve my problem.
I configure my apache in client authentication. After client choosing user
login(user can choose viewer), the connection is disconnect(authentication failed).
But if client choose
Hi,
I've installed OpenSA 1.0b3 on Windows 2000 Server. Everything in
http://localhost/cgi-bin/private need client authentication to access. When I use the
POST method to post some form data to a CGI program
http://localhost/cgi-bin/private/examine.pl I got the following error:
---
405
--- Angus Lee [EMAIL PROTECTED] schrieb:
Hi,
I've installed OpenSA 1.0b3 on Windows 2000 Server. Everything in
http://localhost/cgi-bin/private need client authentication to access. When I use
the POST
method to post some form data to a CGI program
http://localhost/cgi-bin/private/examine.pl I
I voluteer as well, if it is not too late.
---
G S Sistemas de Informacion, S.L. | Teléfono: 9 02 01 44 43
Victoriano Giralt| Land line: +34-952-207-241
Chief Consultant and Owner | Mobile:
On 9 Jul 2001, at 9:35, Dan Langille wrote:
I've just finished writing a how-to for setting up client authentication
using self-signed certficates. It includes details of creating the
certificate authority, signing the certificate, web server configuration, and
installing the certificate
50
Mail: [EMAIL PROTECTED]
Dan Langille [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09.07.2001 15:35
Please respond to modssl-users
=20
To: [EMAIL PROTECTED]
cc:=20
Subject:Client authentication - reviewers wanted
I've just finished
authentication - reviewers wanted
I've just finished writing a how-to for setting up client
authentication=20 using self-signed certficates. It includes details of
creating the=20 certificate authority, signing the certificate, web
server configuration,=20 and=20 installing the certificate
Dan Langille wrote:
My apologies. I sent a message to the list when it should have gone
privately.[1]
No problem - easy mistake to make.
[1] - Unfortunately, the list mangles the reply-to address and sets it to
the list, not the person who sent the email.
Er to be precise, the
On 10 Jul 2001, at 15:47, Owen Boyle wrote:
Er to be precise, the majordomo program *adds* a Reply-To field to
the header. This takes precedence over the From field when you click
reply.
That, in my experience, it not the default behaviour of majordomo. You
have to do something extra
Hi,
I have managed to get client authentification working on a directory
basis. That is, apache ask for client certificate when I try to
access a file in that directory, I am telling netscape to send
my cclient cert and I do get the page requested.
Thats fine so far, but when I try to get
Full_Name: R.Chu
Version: mod_ssl-2.7.1-1.3.14
OS: Redhat Linux 7.0
Submission from: (NULL) (61.187.56.10)
I have installed mod_ssl-2.7.1-1.3.14 with apache_1.3.14 and
openssl-0.9.6a successfully. Now I want to get client authentication,
I modified the httpd.conf as this:
SSLVerifyClient
Hello, I've read the faq and the docs, I've scoured the mailing list, and I
can not find the answer to this. I'm trying to setup client cert
authentication. I have a Verisign signed personal cert on my browser, and
for now, a self signed cert on the server.
When I try to connect to the site,
Hello,
I couldn't find any explicit answer on this issue yet. We were trying to
configure an
Apache 1.3.12 + mod_ssl 2.6.6 (+ OpenSSL 0.9.6) to work
as a mirroring proxy. The requirement against the proxy was
that it has to fulfill client authentication requests from the
peers when communicating
Hi,
i am developing an application, where the server needs to authenticate the
client. On the client side i am using JSSE. On the server side i am using
Apache with openssl.
Can anyone tell me the step by step procedure, about
1. How to make the server request the client, to send its
At 01:19 PM 04/25/2001 , you wrote:
Hi,
i am developing an application, where the server needs to authenticate the
client. On the client side i am using JSSE. On the server side i am using
Apache with openssl.
Can anyone tell me the step by step procedure, about
1. How to make the server request
, 2001 11:16 AM
To: [EMAIL PROTECTED]
Subject: Re: client authentication
At 01:19 PM 04/25/2001 , you wrote:
Hi,
i am developing an application, where the server needs to authenticate the
client. On the client side i am using JSSE. On the server side i am using
Apache with openssl.
Can anyone tell
Dave,
OK I am new to SSL and Apache, modlssl.
So, i can start with the client auth, using a browser first.
Can you please explain how you sign the client with your own ca cert?
Basically what are the steps that you need to do, to be a CA?
I find on the modssl guide, to use sign.sh but i am on
I have a problem with modssl and client authentication. The I parse a
PHP script to get my page the client authenticaton is "forgotten", so
then I press a link I have to do a new client authentication. Because we
are using a smartcard as token for the client autentication this is
anoy
Dear list,
i'm in trouble with MSIE 5.5 (128bit EncPack) and modssl2.7.1/Apache
1.3.14.
If I set "SSLVerifyClient require" in my conf file, I can't get any page
from my server.
Pls. note that the browser correctly tell me that the site want a
certificate to authenticate access, I select it from
How do I make a root CA known to apache but not valid for client authentication?
(apache1.3.17,modssl2.8,openssl0.9.6)
I've got a three tier cert hierarchy like:
root ca --signs-- project ca --signs-- server/client certs
The problem is that unless I place the root ca in SSLCACertificateFile
How do I make the root CA known to apache but not valid for client
authentication? (only the sub root CA that signed the server/client should be
valid. (apache1.3.17,modssl2.8,openssl0.9.6)
I've got a three tier cert hierarchy like:
root ca --signs-- project ca --signs-- server/client certs
ay, February 20, 2001 9:42 AM
To: [EMAIL PROTECTED]
Subject: 3tier certificate + client authentication doesn't seem to work.
(newest apache/modperl/openssl)
How do I make the root CA known to apache but not valid for client
authentication? (only the sub root CA that signed the server/client sho
-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 6. Februar 2001 23:50
An: [EMAIL PROTECTED]
Betreff: question on client authentication using certificates
Howdy,
I am having a problem with modssl certificate based client authentication
that
will undoubtedly have a simple
On Wed, Feb 07, 2001 at 09:34:29AM +0100, Reich, Stefan wrote:
Hi,
I had the Netscape Problem too. I didn't get an answer up to now.
The only way to get around this I found up to now is to configure to send
the certificate automatically, instead of asking.
If you find a better solution,
for the certificate
again.
Is someone out there, who successfully uses certificate based client
authentication with Netscape without this effect?
-Ursprngliche Nachricht-
Von: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Gesendet: Mittwoch, 7. Februar 2001 11:14
An: [EMAIL PROTECTED]
Betreff
: question on client authentication using certificates
On Wed, Feb 07, 2001 at 02:01:27PM +0100, Reich, Stefan wrote:
This seems to be indeed a session problem. But it's Netscape specific.
If I look in the log, IE is reusing a session and I can see counters like
request 1 request 2 request 3
On Wed, Feb 07, 2001 at 03:35:03PM +0100, Reich, Stefan wrote:
Ok, so on my site it's the same behaviour.
I am using
SSLSessionCache dbm:/myapache/logs/ssl_scache
SSLSessionCacheTimeout 300
Try shm instead of dbm - IIRC there has been a couple of cases where that
fixed the
Howdy,
I am having a problem with modssl certificate based client authentication that
will undoubtedly have a simple answer.
Currently, I have a CA certificate that I use to sign all my client
certificates. On the apache+modssl server I want to use certificate based
authentication
Hi all,
i've got a problem with client-authentication via ssl-client-certificates.
It's no problem to get it to work with my selfmade CA and
client-certificates signed by this CA.
But i would like to get an "official" server-certificate from thawte, verisign,
or something like this.
001 10:29
An: [EMAIL PROTECTED]
Betreff: client authentication
Hi all,
i've got a problem with client-authentication via ssl-client-certificates.
It's no problem to get it to work with my selfmade CA and
client-certificates signed by this CA.
But i would like to get an "official"
Hi...
to sign your own certificate, you cannot use a plain server certificate. You
need a CA certificate, a certificate, which allows you to sign other
certificates. There are many different types of certificates, each serves
one ore more special purposes. A server certificate can only be
Hello community,
I try to use mod_ssl for client authentication. Everything works fine with
IE5.5.
When I use Netscape to access my site, Netscape asks me for every request,
which Certificate I want to use for authentication.
So on each link, I have to assign a certificate from the list again
Hi
I've got a question regarding client authentication and self signed
certificates:
I want to force mod_ssl to ban self-signed certificates from being
accepted as valid certificates. From what I remember, one suggestion was
to use SSLRequire in order to compare the subject_dn to the issuers_dn
On Fri, Jan 12, 2001 at 11:33:30AM +0100, Tim Tassonis wrote:
Hi
I've got a question regarding client authentication and self signed
certificates:
I want to force mod_ssl to ban self-signed certificates from being
accepted as valid certificates. From what I remember, one suggestion
I want to force mod_ssl to ban self-signed certificates from being
accepted as valid certificates. From what I remember, one suggestion
was
to use SSLRequire in order to compare the subject_dn to the
issuers_dn.
But this seems to be easily fakeable:
1. Create a self signed CA
On Fri, Jan 12, 2001 at 01:37:42PM +0100, Tim Tassonis wrote:
I want to force mod_ssl to ban self-signed certificates from being
accepted as valid certificates. From what I remember, one suggestion
was
to use SSLRequire in order to compare the subject_dn to the
issuers_dn.
But
many hours on this and I can't get the client authenticated,
with
SSLVerifyClient required
SSLVerifyDepth 1 [or 2] neither work
If I turn client authentication off,
SSLVerifyClient none
SSLVerifyDepth 0
of course, it works fine, but I need to authenticate my clients.
I did however learn, how
On Sat, Aug 26, 2000 at 12:07:22AM -0400, Tammy M Blaser wrote:
I used the Globus CA certificate 42864e48.0 located in the
/opt/globus1.1.3/share/certificates directory as the apache
SSLCACertificateFile.
I also tried pointing to the directory where all the CA are located with
the
Hello,
I have set up mod-ssl with
SSLVerifyClient require
It all works just fine with Netscape, however with IE5 5.01 and 5.01SP1
it is very unreliable.
Most of the time when I enter the URL I get
"DNS Error or server unreachable"
After several refreshes it prompts for the certificate to use.
On Fri, Jul 14, 2000 at 05:37:46PM -0500, Lynette Bellini wrote:
solaris 2.5.1, apache 1.3.12, mod_ssl 2.6.5-1.3.12, openssl-0.9.5a
[Fri Jul 14 17:28:19 2000] [error] mod_ssl: Init: (www.jaws.umn.edu:8443) U
nable to configure verify locations for client authentication
I
On Tue, Jul 18, 2000 at 01:10:12PM +0100, Stuart Gall wrote:
It all works just fine with Netscape, however with IE5 5.01 and 5.01SP1
it is very unreliable.
Most of the time when I enter the URL I get
"DNS Error or server unreachable"
After several refreshes it prompts for the
solaris 2.5.1, apache 1.3.12, mod_ssl 2.6.5-1.3.12, openssl-0.9.5a
[Fri Jul 14 17:28:19 2000] [error] mod_ssl: Init: (www.jaws.umn.edu:8443) Unable to
configure verify locations for client authentication
I don't have any verify client directives in the conf file.
Any hints appreciated
1 - 100 of 139 matches
Mail list logo