IE5 client certs

2001-03-24 Thread Torsten Curdt
Hm.. I configured modssl to require a client cert to access a site SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ ) SSLVerifyClient require SSLVerifyDepth 5 Then I tried to create a client cert... openssl req -new -nodes -keyout clientcert.key -out clientcert.csr Then our CA

Re: IE5 client certs

2001-03-21 Thread Ralf S. Engelschall
On Mon, Mar 19, 2001, Torsten Curdt wrote: [...] For each CA there is much more information besides the PEM data (which is the only thing in my ca-dff.crt). It's pretty verbose including the fingerprint as well as some plain text infos about the cert. [...] All text around the PEM data is

RE: IE5 client certs

2001-03-20 Thread Torsten Curdt
Thanks! Works now... The client cert was in the wrong format... seems it needs to be .p12 not .crt! Thanks alot! :) -- Torsten As I told you, the things between -BEGIN CERTIFICATE- up to a -END CERTIFICATE- (including those tags) are the PEM encoded certificates. Everithing

Re: IE5 client certs

2001-03-19 Thread Diego Tartara
Same thing happened to me. Then I configured a CA certificate file and things went straight. The idea is that when the SSL handshake takes place, the server asks for a certificate which he will consider valid. That is signed by a trusted CA. The server sends what HE considers to be trusted CA's

IE5 client certs

2001-03-19 Thread Torsten Curdt
Hm.. I configured modssl to require a client cert to access a site SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ ) SSLVerifyClient require SSLVerifyDepth 5 Then I tried to create a client cert... openssl req -new -nodes -keyout clientcert.key -out clientcert.csr Then our CA

Re: IE5 client certs

2001-03-19 Thread Erdmut Pfeifer
On Mon, Mar 19, 2001 at 10:13:45AM -0300, Diego Tartara wrote: Same thing happened to me. Then I configured a CA certificate file and things went straight. The idea is that when the SSL handshake takes place, the server asks for a certificate which he will consider valid. That is signed by

RE: IE5 client certs

2001-03-19 Thread Torsten Curdt
Ah! With the ca-bundle.crt now at least my thawte cert works... But since I want only OUR CA to be trusted I need just the ca-dff.crt instead of the ca-bundle.crt. But looking at the file I see very big differences in the file format. For each CA there is much more information besides the PEM

RE: IE5 client certs

2001-03-19 Thread Diego Tartara
As I told you, the things between -BEGIN CERTIFICATE- up to a -END CERTIFICATE- (including those tags) are the PEM encoded certificates. Everithing else is considered a comment. Actually you can create those comments with the help of openssl (http://www.openssl.org): openssl