SSL mutual authentication client certificate creation using Keytool

SSL mutual authentication client certificate creation using Keytool

am 04.03.2010 14:43:08 von Arunkumar Janarthanan

--001517473622747ca90480f9c7d7
Content-Type: text/plain; charset=ISO-8859-1

Hi All,

I have an application connecting to the secure Apache URL, I have generated
OpenSSL certificates and used it as CA and servercert, also generated client
certificate using hte below documentation.

http://www.impetus.us/~rjmooney/projects/misc/clientcertauth .html

However my client application ( another Java application) will connect to
this Apache instance needs a client certificate for authentication. Now that
I can use Keytool and import the Apache's client certificate and create a
Keystore.

However how to proceed further, how my Apache will understand the client's
certificates and allow the client app to connect and process the requests ?

Please advice.

Arun J

--001517473622747ca90480f9c7d7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi All,

I have an application connecting to the secure Apache URL, I=
have generated OpenSSL certificates and used it as CA and servercert, also=
generated client certificate using hte below documentation.

=3D"http://www.impetus.us/~rjmooney/projects/misc/clientcert auth.html">http=
://www.impetus.us/~rjmooney/projects/misc/clientcertauth.htm l


However my client application ( another Java application) will connect =
to this Apache instance needs a client certificate for authentication. Now =
that I can use Keytool and import the Apache's client certificate and c=
reate a Keystore.


However how to proceed further, how my Apache will understand the clien=
t's certificates and allow the client app to connect and process the re=
quests ?

Please advice.

Arun J


--001517473622747ca90480f9c7d7--

Re: SSL mutual authentication client certificate creation using

am 05.03.2010 15:14:04 von Arunkumar Janarthanan

--000e0ce075dceaf4c804810e53f0
Content-Type: text/plain; charset=ISO-8859-1

Could anyone please advice with this ?

On Thu, Mar 4, 2010 at 8:43 AM, Arunkumar Janarthanan <
arunkumar.webadmin@gmail.com> wrote:

> Hi All,
>
> I have an application connecting to the secure Apache URL, I have generated
> OpenSSL certificates and used it as CA and servercert, also generated client
> certificate using hte below documentation.
>
> http://www.impetus.us/~rjmooney/projects/misc/clientcertauth .html
>
> However my client application ( another Java application) will connect to
> this Apache instance needs a client certificate for authentication. Now that
> I can use Keytool and import the Apache's client certificate and create a
> Keystore.
>
> However how to proceed further, how my Apache will understand the client's
> certificates and allow the client app to connect and process the requests ?
>
> Please advice.
>
> Arun J
>

--000e0ce075dceaf4c804810e53f0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Could anyone please advice with this ?

On=
Thu, Mar 4, 2010 at 8:43 AM, Arunkumar Janarthanan <<=
a href=3D"mailto:arunkumar.webadmin@gmail.com">arunkumar.webad min@gmail.com=
> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi All,

I =
have an application connecting to the secure Apache URL, I have generated O=
penSSL certificates and used it as CA and servercert, also generated client=
certificate using hte below documentation.


th.html" target=3D"_blank">http://www.impetus.us/~rjmooney/projects/m isc/cl=
ientcertauth.html


However my client application ( another Java application) will connect =
to this Apache instance needs a client certificate for authentication. Now =
that I can use Keytool and import the Apache's client certificate and c=
reate a Keystore.



However how to proceed further, how my Apache will understand the clien=
t's certificates and allow the client app to connect and process the re=
quests ?

Please advice.

Arun J




--000e0ce075dceaf4c804810e53f0--

Re: Re: SSL mutual authentication client certificate

am 05.03.2010 15:23:43 von Eric Covener

On Fri, Mar 5, 2010 at 9:14 AM, Arunkumar Janarthanan
wrote:
> Could anyone please advice with this ?

Configure Apache to request a certificate from the client:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyc lient

Configure Apache to trust the issuer of your clients certificate:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacerti ficatefile

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Re: SSL mutual authentication client certificate

am 08.03.2010 17:47:52 von Arunkumar Janarthanan

--001517478ae484860004814cd36d
Content-Type: text/plain; charset=ISO-8859-1

Thanks Eric, my client for the Apache is another Java application. So I used
keytool and generated trustore importing OpenSSL generated CA certificate.

Now that I have used export option to generate a certificate from Keytool,
How could I use this ceritificate now on Apache to authenticate the requests
from my client application ?

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.htm l

Please advice.

On Fri, Mar 5, 2010 at 9:23 AM, Eric Covener wrote:

> On Fri, Mar 5, 2010 at 9:14 AM, Arunkumar Janarthanan
> wrote:
> > Could anyone please advice with this ?
>
> Configure Apache to request a certificate from the client:
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyc lient
>
> Configure Apache to trust the issuer of your clients certificate:
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacerti ficatefile
>
> --
> Eric Covener
> covener@gmail.com
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--001517478ae484860004814cd36d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks Eric, my client for the Apache is another Java application. So I use=
d keytool and generated trustore importing OpenSSL generated CA certificate=
..

Now that I have used export option to generate a certificate from =
Keytool, How could I use this ceritificate now on Apache to authenticate th=
e requests from my client application ?


l">http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool. html
>Please advice.

On Fri, Mar 5, 2010 at 9:=
23 AM, Eric Covener < om">covener@gmail.com> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Fri, Mar 5, 20=
10 at 9:14 AM, Arunkumar Janarthanan

<arunk=
umar.webadmin@gmail.com> wrote:

> Could anyone please advice with this ?



Configure Apache to request a certificate from the client:



t" target=3D"_blank">http://httpd.apache.org/docs/2.2/mod/mod_s sl.html#sslv=
erifyclient



Configure Apache to trust the issuer of your clients certificate:



tefile" target=3D"_blank">http://httpd.apache.org/docs/2.2/mod/mod_s sl.html=
#sslcacertificatefile



--

Eric Covener





------------------------------------------------------------ ---------

The official User-To-User support f=
orum of the Apache HTTP Server Project.

See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g">users-unsubscribe@httpd.apache.org

=A0 " =A0 from the digest: @httpd.apache.org">users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: org">users-help@httpd.apache.org






--001517478ae484860004814cd36d--