[OT] Apache SSL certificate authentication

Fraser Tweedale frase at frase.id.au
Tue Sep 30 06:55:07 UTC 2008

On Mon, Sep 29, 2008 at 12:00:09PM -0500, CyberLeo Kitsana wrote:
> Fraser Tweedale wrote:
> > - Create my CA key and a CSR, and have CACert sign it.
> Are you sure it's signed as an intermediary CA? cacert.org's website
> suggests they will only sign leaf certificates.
> http://wiki.cacert.org/wiki/SubRoot
> Fortunately, your client certs need not be signed by the same CA as your
> server cert, and it's probably somewhat pointless to have a client cert
> (which will be used for your infrastructure alone) vetted by a third party.
> -- 
> Fuzzy love,
> -CyberLeo
> Technical Administrator
> CyberLeo.Net Webhosting
> http://www.CyberLeo.Net
> <CyberLeo at CyberLeo.Net>
> Furry Peace! - http://wwww.fur.com/peace/

Thanks for the clarification.  I hadn't picked up on the fact that you
need a special intermediary cert for the server cert to validate up the

Well, nevermind.  It's just for personal use anyway... if only X.509 could
be simple like OpenPGP :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080930/b61ca1f8/attachment.pgp

More information about the freebsd-questions mailing list