[OT] Apache SSL certificate authentication
Fraser Tweedale
frase at frase.id.au
Tue Sep 30 06:55:07 UTC 2008
On Mon, Sep 29, 2008 at 12:00:09PM -0500, CyberLeo Kitsana wrote:
> Fraser Tweedale wrote:
> > - Create my CA key and a CSR, and have CACert sign it.
>
> Are you sure it's signed as an intermediary CA? cacert.org's website
> suggests they will only sign leaf certificates.
> http://wiki.cacert.org/wiki/SubRoot
>
> Fortunately, your client certs need not be signed by the same CA as your
> server cert, and it's probably somewhat pointless to have a client cert
> (which will be used for your infrastructure alone) vetted by a third party.
>
> --
> Fuzzy love,
> -CyberLeo
> Technical Administrator
> CyberLeo.Net Webhosting
> http://www.CyberLeo.Net
> <CyberLeo at CyberLeo.Net>
>
> Furry Peace! - http://wwww.fur.com/peace/
>
Thanks for the clarification. I hadn't picked up on the fact that you
need a special intermediary cert for the server cert to validate up the
chain.
Well, nevermind. It's just for personal use anyway... if only X.509 could
be simple like OpenPGP :)
frase
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080930/b61ca1f8/attachment.pgp
More information about the freebsd-questions
mailing list