You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Antoine de Lobel-Mahy <ad...@meeschaert.com> on 2002/09/19 18:10:36 UTC
[users@httpd] using client certificates with apache 2.0
Hello,
My apache server is now running ok with SSL.
I have again a little problem, someone can help me?
I have a root certificate : "root-mee.crt". This file is on my client (IE 6) and on server
I have a server certificate : "srv-mee.pem" and the key : "srv-mee.key". Those files are on my server.
I have too a client certificate : "antoine.der". this file is on my client (IE 6).
All certificates are create with openssl 0.9.6.
srv-mee.pem and antoine.der are signed with root-mee.crt.
In the httpd.conf, I have those lines :
SSLCertificateFile = ....../srv-mee.pem
SSLCertificateKey = ....../srv-mee.key
SSLCACertificateFile = ....../root-mee.crt
.
.
.
<Virtualhost myserver:443>
SSLEngine on
Documentroot "....."
DirectoryIndex Index.html
Servername myweb.mydomain.com
ServerAlias myweb
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
When SSLVerifyClient, SSLVerifyDepth are uncomment, I cannot connect my client on server.
Where is the problem, Someone knows the way of solution?
Thanks for your help.
Antoine
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] using client certificates with apache 2.0
Posted by Antoine de Lobel-Mahy <ad...@meeschaert.com>.
Hi everybody,
I find the answer alone, as a big person :-)))
The problem was on my client certificate.
DER extension for this was not ok,
the client certificate file must be a p12 extension
with the good option on creation :
$ openssl pkcs12 -export -inkey keyfile -in infile -out outfile.p12
thanks for all.
Antoine
> -----Message d'origine-----
> De : Antoine de Lobel-Mahy [mailto:adelobel@meeschaert.com]
> Envoyé : jeudi 19 septembre 2002 18:11
> À : users@httpd.apache.org
> Objet : [users@httpd] using client certificates with apache 2.0
>
>
> Hello,
>
> My apache server is now running ok with SSL.
>
> I have again a little problem, someone can help me?
>
> I have a root certificate : "root-mee.crt". This file is on
> my client (IE 6) and on server
> I have a server certificate : "srv-mee.pem" and the key :
> "srv-mee.key". Those files are on my server.
>
> I have too a client certificate : "antoine.der". this file is
> on my client (IE 6).
>
> All certificates are create with openssl 0.9.6.
> srv-mee.pem and antoine.der are signed with root-mee.crt.
>
>
> In the httpd.conf, I have those lines :
>
> SSLCertificateFile = ....../srv-mee.pem
> SSLCertificateKey = ....../srv-mee.key
>
> SSLCACertificateFile = ....../root-mee.crt
> ..
> ..
> ..
> <Virtualhost myserver:443>
> SSLEngine on
> Documentroot "....."
> DirectoryIndex Index.html
> Servername myweb.mydomain.com
> ServerAlias myweb
> SSLVerifyClient require
> SSLVerifyDepth 1
> </Directory>
>
>
> When SSLVerifyClient, SSLVerifyDepth are uncomment, I cannot
> connect my client on server.
> Where is the problem, Someone knows the way of solution?
>
>
> Thanks for your help.
>
> Antoine
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org