[OT] Apache SSL certificate authentication
frase at frase.id.au
Sun Sep 28 04:01:58 UTC 2008
I've been trying to set up Apache to do certificate authentication
and although I've had success using a self-signed CA (which
naturally requires that the CA certificate be installed in the
browser), I want to do the same, only have the certificate(s) signed
by a real(*) CA, and am having some difficulty.
(*) Specifically, CACert, which still isn't a OOTB trusted CA in most
The way I expect this to work is:
- Create my CA key and a CSR, and have CACert sign it.
- Create a server key and CSR, and sign it with my CA
- Create a client certificate, signed by my CA.
So I end up with a certificate chain that goes:
CACert -> my CA -> my server
But... this is not working. Firefox won't verify the server (the
CACert root certificate .is. installed), and having bypassed this
check, Apache won't verify the client either.
The Apache configuration is as follows:
SSLProtocol all -SSLv2
Any suggestions are appreciated,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080928/72c920f6/attachment.pgp
More information about the freebsd-questions