Hi,

Thank you for the reply.

Eric, I know that I can use mod_ssl to store certificates in one Apache, but I want to have the certificates in LDAP because I have two or three Apaches, or maybe more in the future, and I don't want to replicate these files in all Apaches.

Darren, the problem is that I generate the certificates myself and I can revoke these certificates, therefore I need to take each certificate from the client to see if it is valid or not. I don't need trust in CA authorities.

Now I am trying to recompile some modules and configure Apache as this bug shows:
https://issues.apache.org/bugzilla/show_bug.cgi?id=48780

But there aren't examples of how to configure Apache. I'll tell you how to make this work if I am successful.

Kind Regards
Martin

2011/8/5 Darren Spruell <phatbuck...@gmail.com>

> On Fri, Aug 5, 2011 at 1:56 AM, Martin Sanchez <marsa...@gmail.com> wrote:
> > Hello,
> > I've read about this topic in the mailing list but I didn't find the
> > solution.
> > I want to validate LDAP users against Apache using the certificates that
> > the user stores in LDAP.
> > I mean, I create and store the X509 certificates in LDAP. Afterwards I
> > send the certificate to my clients and they install those certificates
> > in their browsers.
> > Now I want to validate the users using the certificate instead of the
> > user-name and the password.
>
> One point on certificate auth - you don't need to have access to
> client certificates to validate identities (meaning, you don't need to
> consult LDAP or another store containing user certificate data) - you
> just need to configure your server to trust the Certificate Authority
> (CA) that issued those certificates. This is the fundamental basis of
> PKI and X.509 certificate authentication. It's the same way that your
> browser trusts an SSL web server (trusted CA store).
>
> The SSL howto has some resources on this ("Client Authentication and
> Access Control"):
>
> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html
>
> mod_ssl has served me well for this in the past:
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
>
> --
> Darren Spruell
> phatbuck...@gmail.com
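
The CA-trust model described in the quoted reply, combined with the revocation check raised in the reply above it, as an added example that is not part of the original thread: mod_ssl verifies each client certificate against the issuing CA and rejects any certificate listed in that CA's CRL. The host name and all file paths are placeholders (assumptions); the directives are those of the mod_ssl 2.2 documentation linked in the thread.

```apache
# Added example, not from the thread. Host name and paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # Trust only the private CA that issues the user certificates.
    # A self-run CA works the same way as a public one here.
    SSLCACertificateFile  /etc/apache2/ssl/private-ca.crt

    # CRL published by that CA. A client certificate whose serial number
    # appears in it fails the handshake. The file is read when httpd
    # starts, so reload httpd after each new CRL is published.
    # On httpd 2.4 the CRL is only consulted if SSLCARevocationCheck
    # is also set (for example "SSLCARevocationCheck chain").
    SSLCARevocationFile   /etc/apache2/ssl/private-ca.crl

    <Location /protected>
        # Refuse the connection unless a valid client certificate is sent.
        SSLVerifyClient require
        # Depth 1: the client certificate must be signed directly by the
        # CA in SSLCACertificateFile (no intermediate CAs).
        SSLVerifyDepth  1
        # Use the certificate's CN as the request's user name
        # (REMOTE_USER) in place of a user-name/password login.
        SSLUserName     SSL_CLIENT_S_DN_CN
    </Location>
</VirtualHost>
```

Each additional httpd instance needs only the CA certificate and the current CRL, not a copy of every user certificate.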