Client Certificates (Help!)

Hi,

Does anyone have any good URLs or instructions about how to create client
certificates for browsers so that only browsers with the certificate can
connect to the server (or view certain directories on the server)?

I tried one procedure I found on the web, and it ended up with Apache
complaining about the keys and certificates it had. The best I could do
myself was a self-signed SSL certificate (which worked fine), but the client
certificates didn't work out.

I'll try any procedures anyone supplies, and if that doesn't work I'll post
detailed information about what I tried and what went wrong.

The site, by the way, is www.e-collab.com. The self-signed SSL certificate
for Apache worked fine. It was just the more advanced stuff that eluded me.

Thanks a lot!

Merry Christmas!

Dave Ashley.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Client Certificates (Help!)

On Wednesday 22 December 2004 02:29, David T. Ashley wrote:
> Hi,
>
> Does anyone have any good URLs or instructions about how to create client
> certificates for browsers so that only browsers with the certificate can
> connect to the server (or view certain directories on the server)?

Try this:

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html




Casper.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Client Certificates (Help!)

Hi Mr. Waters,

I got it all straightened out. I had just not converted to the right
key/certificate format, etc.

Did, however, run into a bug where Apache won't support POST with client
authentication. I've been advised to downgrade Apache.

Dave.

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of P Larkin Waters
> Sent: Tuesday, January 04, 2005 6:11 AM
> To: modssl-users@modssl.org
> Subject: Re: Client Certificates (Help!)
>
>
> did you use a real certificate?
> if you used a test certificate did you install the test certificate
> authority?
> I'm sure you know that test certificates don't work with the CA's that
> come preinstalled in most browsers.
>
> ____
> Theory is when you know something, but it doesn't work.
> Practice is when something works, but you don't know why.
> Programmers combine theory and practice:
> Nothing works and they don't know why.
> --Unknown
> ----- Original Message -----
> From: "David T. Ashley"
> To:
> Sent: Tuesday, December 21, 2004 7:29 PM
> Subject: Client Certificates (Help!)
>
>
> > Hi,
> >
> > Does anyone have any good URLs or instructions about how to create
> client
> > certificates for browsers so that only browsers with the certificate
> can
> > connect to the server (or view certain directories on the server)?
> >
> > I tried one procedure I found on the web, and it ended up with Apache
> > complaining about the keys and certificates it had. The best I could
> do
> > myself was a self-signed SSL certificate (which worked fine), but the
> client
> > certificates didn't work out.
> >
> > I'll try any procedures anyone supplies, and if that doesn't work I'll
> post
> > detailed information about what I tried and what went wrong.
> >
> > The site, by the way, is www.e-collab.com. The self-signed SSL
> certificate
> > for Apache worked fine. It was just the more advanced stuff that
> eluded me.
> >
> > Thanks a lot!
> >
> > Merry Christmas!
> >
> > Dave Ashley.
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Client Certificates (Help!)

did you use a real certificate?
if you used a test certificate did you install the test certificate
authority?
I'm sure you know that test certificates don't work with the CA's that
come preinstalled in most browsers.

____
Theory is when you know something, but it doesn't work.
Practice is when something works, but you don't know why.
Programmers combine theory and practice:
Nothing works and they don't know why.
--Unknown
----- Original Message -----
From: "David T. Ashley"
To:
Sent: Tuesday, December 21, 2004 7:29 PM
Subject: Client Certificates (Help!)


> Hi,
>
> Does anyone have any good URLs or instructions about how to create
client
> certificates for browsers so that only browsers with the certificate
can
> connect to the server (or view certain directories on the server)?
>
> I tried one procedure I found on the web, and it ended up with Apache
> complaining about the keys and certificates it had. The best I could
do
> myself was a self-signed SSL certificate (which worked fine), but the
client
> certificates didn't work out.
>
> I'll try any procedures anyone supplies, and if that doesn't work I'll
post
> detailed information about what I tried and what went wrong.
>
> The site, by the way, is www.e-collab.com. The self-signed SSL
certificate
> for Apache worked fine. It was just the more advanced stuff that
eluded me.
>
> Thanks a lot!
>
> Merry Christmas!
>
> Dave Ashley.
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org