- <li><em>date</em>: Tue Mar 2 23:55:11 2004</li>
- <li><em>from</em>: jkinney at localnetsolutions.com (James P. Kinney III)</li>
- <li><em>in-reply-to</em>: <<a href="msg00057.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00055.html">[email protected]</a>> <<a href="msg00057.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] client certs for apache</li>
It is confusing.
I am trying to install 4 certs on 4 servers and have a single client
authentication cert that is recognized by all four servers.
Installing certs on servers is easy. The clients are the hard part as
they are all over the country. That's the reason for the single cert to
be installed on the clients (there are hundreds, I think)
Right now, the line:
Require ClientAuthorization
is commented out in apache configs. (It may be worded a bit differently.
It's late and I'm too tired to open a connection). But it effectively
prevents just any ol' browser from activating a https:// page unless the
browser has an authorization cert recognized by the server.
> wood
> On Mar 2, 2004, at 6:31 PM, James P. Kinney III wrote:
>
> > I am stumped on how to properly do the following:
> >
> > 4 different web servers each with a ssl cert. 1 client cert that is
> > accepted by each server as valid to access the ssl areas of the web
> > sites hosted on each one.
> >
> > One server/one client cert is easy. Do some ssl foo to make a server
> > cert and a client cert and sign the client cert with the server cert.
> > Park server cert securely and tell httpd.conf where it is. Import
> > client cert into browsers.
> >
> > Do I need to set one machine as a CA, generate all certs for each
> > server on each individual machine, then sign each server cert by the
> > CA cert? Then make a client cert from the CA cert?
> >
> > Too many really vague theory docs, not enough cookbook on this topic.
> >
> > Any ideas?
> >
> > --
> > James P. Kinney III \Changing the mobile computing world/
> > CEO & Director of Engineering \ one Linux user /
> > Local Net Solutions,LLC \ at a time. /
> > 770-493-8244 \.___________________________./
> > <a rel="nofollow" href="http://www.localnetsolutions.com">http://www.localnetsolutions.com</a>
> >
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > <jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
<a rel="nofollow" href="http://www.localnetsolutions.com">http://www.localnetsolutions.com</a>
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
</pre>
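The single-CA layout asked about in this thread, as an added example that is not part of the original messages: one private CA signs a certificate for each of the four servers and the one shared client certificate, and every server trusts only that CA when checking client certificates. Host names, file names, paths and the PKCS#12 password are constructed; the `mod_ssl` directives in the closing comment are the standard ones for requiring a client certificate.

```shell
#!/bin/sh
# Added example: constructed names throughout (example-ca, web1..web4, shared-client).
build_pki() (   # $1 = output directory; subshell body so the cd does not leak
    mkdir -p "$1" && cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = example-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    # 1. Private CA: self-signed; its key never goes onto the web servers.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 3650 \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # sign NAME SUBJECT EXTENSION...: new key + CSR, then a CA-signed certificate.
    sign() {
        name=$1 subj=$2; shift 2
        printf '%s\n' "$@" > "$name.ext"
        openssl req -new -config pki.cnf -newkey rsa:2048 -nodes -subj "$subj" \
            -keyout "$name.key" -out "$name.csr" 2>/dev/null &&
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 365 -extfile "$name.ext" -out "$name.crt" 2>/dev/null
    }
    # 2. One certificate per server, all issued by the same CA.
    for h in web1 web2 web3 web4; do
        sign "$h" "/CN=$h.example.test" "subjectAltName = DNS:$h.example.test" \
            "extendedKeyUsage = serverAuth" || exit 1
    done
    # 3. The single client certificate, bundled as PKCS#12 for browser import.
    sign client "/CN=shared-client" "extendedKeyUsage = clientAuth" || exit 1
    openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
        -out client.p12 -passout pass:constructed-password || exit 1
    # 4. A self-signed certificate from outside the CA, for the negative check.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=stranger" -keyout stranger.key -out stranger.crt 2>/dev/null
)
# accepts DIR NAME PURPOSE: exit 0 only if DIR/NAME.crt chains to DIR/ca.crt.
accepts() {
    openssl verify -purpose "$3" -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
# mod_ssl side, the same on all four servers apart from the server cert and key
# (paths are placeholders):
#   SSLCertificateFile    /path/to/webN.crt
#   SSLCertificateKeyFile /path/to/webN.key
#   SSLCACertificateFile  /path/to/ca.crt
#   SSLVerifyClient       require
```

Because hundreds of clients would share one key in this layout, a leak from any one of them means reissuing `client.p12` to all of them.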
</body>
</html>