You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Naveen Rawat <na...@otssolutions.com> on 2007/05/25 12:33:54 UTC

[users@httpd] Is mod_ssl enough to authenticate?

 

Hi All,

 

I want to authenticate modules(certificate based) against each other before
any communcation takes place among .Modules may reside on local and remote
servers. In both cases,Is mod_ssl enough for authentication or I have to
implement the authentication functionality in each module seperately ?

 

I want to know , if mod_ssl will authenticate other modules from remote
/local host or it authenticate clients only. ?

 

 

 

Best Regards

Navin

Re: [users@httpd] Is mod_ssl enough to authenticate?

Posted by Joshua Slive <jo...@slive.ca>.

On 5/25/07, Naveen Rawat <na...@otssolutions.com> wrote:

> I want to authenticate modules(certificate based) against each other before
> any communcation takes place among .Modules may reside on local and remote
> servers. In both cases,Is mod_ssl enough for authentication or I have to
> implement the authentication functionality in each module seperately ?
>
>
>
> I want to know , if mod_ssl will authenticate other modules from remote
> /local host or it authenticate clients only. ?

mod_ssl only encrypts the communications from client to/from server.

OpenSSL (on which mod_ssl is based) can be used to encrypt other sorts
of network streams, but I have really no idea what kind of
communication you are talking about or what you mean by "modules"
(obviously not apache modules, since those can't be "remote").

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Is mod_ssl enough to authenticate?

Posted by Scott Gifford <sg...@suspectclass.com>.

"Naveen Rawat" <na...@otssolutions.com> writes:

>  
>
> Hi All,
>
>  
>
> I want to authenticate modules(certificate based) against each other before any
> communcation takes place among .Modules may reside on local and remote servers.
> In both cases,Is mod_ssl enough for authentication or I have to implement the
> authentication functionality in each module seperately ?
>
> I want to know , if mod_ssl will authenticate other modules from remote /local
> host or it authenticate clients only. ?

Yes, you can do this with mod_ssl.  See SSLVerifyClient to require
that a recognized certificate be used by the client, and
SSLCACertificateFile to list the CA's whose signatures you recognize.
You can create a CA, put that CA's certificate in there, and then sign
the client certificates (you'll probably want to look at
SSLCARevocationFile, too, to be able to revoke access to clients).
I've done that; you can probably also put all of the individual client
certificates in there.  Docs are here:

    http://www.modssl.org/docs/2.8/ssl_reference.html

----Scott.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org