Re: Client Verification with sub ca's

2009-03-12 Thread leanmeandonothingmachine
thanks that works, a little tricky if you want to use SSLVerifyClient optional, as it 403s everything in that case instead of just not filling in the client variables. But I can always do that programmaticaly if I need it. -- View this message in context: http://www.nabble.com/Client-Verificatio

Re: Client Verification with sub ca's

2009-03-12 Thread leanmeandonothingmachine
thanks that works, a little tricky if you want to use SSLVerifyClient optional, as it 403s everything in that case instead just not filling in the client variables. But I can always do that programmaticaly if I need it. -- View this message in context: http://www.nabble.com/Client-Verification-w

Re: Client Verification with sub ca's

2009-03-12 Thread Matt Stevenson
: Client Verification with sub ca's I have a self signed ca, with multiple sub-ca's. root -sub-ca1 -sub-ca2 -server I sign client certificates with either -sub-ca1 or -sub-ca2, and use server to sign certificates for the actual website. So in my apache config, i have this: SS

Client Verification with sub ca's

2009-03-12 Thread leanmeandonothingmachine
I have a self signed ca, with multiple sub-ca's. root -sub-ca1 -sub-ca2 -server I sign client certificates with either -sub-ca1 or -sub-ca2, and use server to sign certificates for the actual website. So in my apache config, i have this: SSLEngine on SSLOptions +stdEnvVars