OCSP, I don't know the legislation but it seems
normal to be required by law.
-- Original Message --
From: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/23/2015 7:51:14 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
Oh, I see. In this case you
: [users@httpd] SSL - How client certificates are verified?
Oh, I see. In this case you will have to check the status of their
certificates. Still, I suspect all of the tokens are issued by one
CA. Probably it is better to ask this CA for their procedures: do
they use OCSP or just publish CRLs
The certificates are already on the server.
-- Original Message --
From: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/26/2015 11:34:24 AM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
I'm only guessing, but maybe manually adding all necessary
/2015 11:34:24 AM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
I'm only guessing, but maybe manually adding all necessary intermediate
certificates to your server will help?
--
With Best Regards,
Marat Khalili
On 26/08/15 09:31, Sterpu Victor wrote:
I installed
All clients already have PKCS11 tokens.
It would be too complicated for them to get used with something else.
-- Original Message --
From: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/23/2015 7:34:07 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified
:34:07 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
I see. However, accepting clients certificates from the world
recognized authorities is both more expensive (for clients) and
more risky than running your own CA (recognized only by your
server). If you personally
Subject: Re: [users@httpd] SSL - How client certificates are verified?
I see. However, accepting clients certificates from the world
recognized authorities is both more expensive (for clients) and more
risky than running your own CA (recognized only by your server). If
you personally know all your
Hello, what is your scenario? If you issue (sign) client certificates
yourself, Apache can correctly verify it against local CRL (certificate
revocation list) file (server restart may be required after file
update). There's information in the net concerning OCSP support for
client
declared lost or stolen.
But I don't want to make things too complicated.
-- Original Message --
From: Marat Khalili m...@rqc.ru mailto:m...@rqc.ru
To: users@httpd.apache.org mailto:users@httpd.apache.org
Sent: 8/23/2015 6:51:02 PM
Subject: Re: [users@httpd] SSL - How client certificates
Ok.
-- Original Message --
From: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/23/2015 8:16:06 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
In this case, could you please post the results when you get the
SSLOCSPEnable fixed? I'm particularly
you.
-- Original Message --
From: Mohanavelu Subramanian mhnv...@gmail.com
To: users@httpd.apache.org; Sterpu Victor vic...@caido.ro
Sent: 8/23/2015 10:19:13 AM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
Hi,
With the option SSLVerifyClient require
: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/23/2015 6:51:02 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
Hello, what is your scenario? If you issue (sign) client certificates
yourself, Apache can correctly verify it against local CRL (certificate
: Marat Khalili m...@rqc.ru
To: users@httpd.apache.org
Sent: 8/23/2015 6:51:02 PM
Subject: Re: [users@httpd] SSL - How client certificates are verified?
Hello, what is your scenario? If you issue (sign) client certificates
yourself, Apache can correctly verify it against local CRL (certificate
Subject: Re: [users@httpd] SSL - How client certificates are verified?
I see. However, accepting clients certificates from the world
recognized authorities is both more expensive (for clients) and more
risky than running your own CA (recognized only by your server). If
you personally know all
Hi,
With the option SSLVerifyClient require , server mandates the client to
send its certificate for authentication. Then the server verifies this
client certificate against the CA certificate file configured in apache. If
the client certificate has been signed by a valid CA, then the
Hello
I have a web page that asks for client certificate.
These are the options for this:
SSLVerifyClient require
SSLVerifyDepth 10
How does SSLVerifyClient verifies the client certificate?
This option protects against certificates manual made with a fake
public-private key pair?
So can
: [users@httpd] SSL - How client certificates are verified?
Hi,
With the option SSLVerifyClient require , server mandates the client
to send its certificate for authentication. Then the server verifies
this client certificate against the CA certificate file configured in
apache. If the client
17 matches
Mail list logo