Hello!

I am struggling to understand the concept of client-side authentication
enabled in SSL Apache. I have been reading the posts and Google pages but
am still clueless.

What I could understand till now is that 3 configuration parameters are required:

SSLVerifyClient
SSLVerifyDepth
SSLCACertificateFile

The point on which I am confused is SSLCARevocationFile.

The meaning of SSLCARevocationFile is really quite simple. Let's say that we have issued certificates to all employees in our company. These certificates are issued by the CA whose certificate is in SSLCACertificateFile. Apache is configured to trust all certificates issued by this CA. Now one of the employees leaves and should no longer have access. We can't really "take back" the certificate file issued to this employee, so we just declare that we no longer trust this particular certificate - in other words, we revoke the certificate. Such revoked certificates are listed in a "Certificate Revocation List" - a file which SSLCARevocationFile points to.

--
Toomas Aas
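
Added example, not part of the original messages or of Apache's own documentation: a virtual host fragment that combines the three directives from the question with the CRL file described in the reply. The host name and all file paths are hypothetical, and the SSLCARevocationCheck line assumes httpd 2.4, where CRL checking stays off (default "none") unless that directive is set.

```apache
# Added example; host name and file paths are hypothetical placeholders.
<VirtualHost *:443>
    ServerName intranet.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Require every client to present a certificate.
    SSLVerifyClient require
    # Depth 1: the client certificate must be issued directly by a CA
    # listed in SSLCACertificateFile (no intermediate CAs in between).
    SSLVerifyDepth 1
    # The company CA whose issued certificates are trusted.
    SSLCACertificateFile /etc/httpd/ssl/company-ca.crt

    # With only the directives above, a certificate issued to an employee
    # who has since left is still accepted until it expires.
    # PEM file containing the CRL published by the company CA:
    SSLCARevocationFile /etc/httpd/ssl/company-ca.crl
    # Assumption: httpd 2.4. Check the whole chain against the CRL;
    # "leaf" would check only the client certificate itself.
    SSLCARevocationCheck chain
</VirtualHost>
```

The CRL file is read when the configuration is loaded, so httpd has to be reloaded after the CA publishes an updated CRL for a new revocation to take effect.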

