Hm.. I configured modssl to require a client cert
to access a site
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ )
SSLVerifyClient require
SSLVerifyDepth 5
Then I tried to create a client cert...
openssl req -new -nodes -keyout clientcert.key -out clientcert.csr
Then our CA
On Mon, Mar 19, 2001, Torsten Curdt wrote:
[...]
For each CA there is much more information besides the
PEM data (which is the only thing in my ca-dff.crt).
It's pretty verbose including the fingerprint as well
as some plain text infos about the cert.
[...]
All text around the PEM data is
Thanks! Works now...
The client cert was in the wrong format... seems it needs to be .p12
not .crt!
Thanks a lot! :)
--
Torsten
As I told you, the things between -BEGIN CERTIFICATE- up to a
-END CERTIFICATE-
(including those tags) are the PEM encoded certificates. Everything
Same thing happened to me. Then I configured a CA certificate file and
things went straight.
The idea is that when the SSL handshake takes place, the server asks for a
certificate which
he will consider valid. That is signed by a trusted CA.
The server sends what HE considers to be trusted CA's
On Mon, Mar 19, 2001 at 10:13:45AM -0300, Diego Tartara wrote:
Same thing happened to me. Then I configured a CA certificate file and
things went straight.
The idea is that when the SSL handshake takes place, the server asks for a
certificate which
he will consider valid. That is signed by
Ah! With the ca-bundle.crt now at least my thawte cert works...
But since I want only OUR CA to be trusted I need just the
ca-dff.crt instead of the ca-bundle.crt.
But looking at the file I see very big differences
in the file format.
For each CA there is much more information besides the
PEM
As I told you, the things between -BEGIN CERTIFICATE- up to a
-END CERTIFICATE-
(including those tags) are the PEM encoded certificates. Everything else is
considered a comment.
Actually you can create those comments with the help of openssl
(http://www.openssl.org):
openssl
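
The point made in the reply above (only the text between the BEGIN CERTIFICATE and END CERTIFICATE tags is the certificate, everything around it is comment) as an added Python example that is not part of the original thread. The sample bundle is built from constructed placeholder bytes rather than real certificates, and all function names are hypothetical.

```python
import base64
import hashlib
import re

# One PEM certificate block, tags included. Text outside the tags
# (names, fingerprints, plain-text dumps) never matches and is skipped.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def extract_certs(bundle_text):
    """Return the DER bytes of every PEM certificate block in bundle_text."""
    ders = []
    for match in PEM_CERT.finditer(bundle_text):
        b64 = "".join(match.group(1).split())  # drop line breaks inside the block
        ders.append(base64.b64decode(b64, validate=True))
    return ders

def fingerprint(der):
    """SHA-256 over the DER bytes, colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def to_pem(der):
    """Re-encode DER as a bare PEM block with 64-character lines, no comments."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    body = ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    return "\n".join(body) + "\n"

# Constructed sample: two placeholder payloads wrapped in PEM tags, with the
# kind of free text a verbose CA bundle carries between blocks.
FAKE_CA_A = b"constructed placeholder A " * 5
FAKE_CA_B = b"constructed placeholder B " * 5
SAMPLE_BUNDLE = (
    "Example CA A\n============\nFingerprint: (free text, ignored)\n"
    + to_pem(FAKE_CA_A)
    + "\nExample CA B\n============\nCertificate:\n    Data: (ignored)\n"
    + to_pem(FAKE_CA_B)
)

if __name__ == "__main__":
    for der in extract_certs(SAMPLE_BUNDLE):
        print(len(der), "bytes", fingerprint(der))
```

Writing `to_pem()` output for only the wanted block gives a file with just that CA and no surrounding text, which loads the same way as the verbose one.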