Create SSL *client* certificate to be used in Apache 2


Post by David Orriss J » Sun, 01 Jun 2003 03:49:57



The subject says it all, pretty much.  I need to create a client
certificate for use within Apache.  Can anyone point me to a documentation
resource?  Thanks.
 
 
 


Post by Paul Rubi » Sun, 01 Jun 2003 04:34:28



> The subject says it all, pretty much.  I need to create a client
> certificate for use within Apache.  Can anyone point me to a documentation
> resource?  Thanks.

What do you mean by "within Apache"?

If you mean you want to issue client certificates to browsers, you
need a CA.  See www.pyca.de for an example.

 
 
 


Post by Mads Toftu » Sun, 01 Jun 2003 23:51:50



> The subject says it all, pretty much.  I need to create a client
> certificate for use within Apache.  Can anyone point me to a documentation
> resource?  Thanks.

The simplest thing is probably to use openssl's CA.pl:
http://www.openssl.org/docs/apps/CA.pl.html

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

 
 
 


Post by Paul Rubi » Mon, 02 Jun 2003 07:27:04



> > The subject says it all, pretty much.  I need to create a client
> > certificate for use within Apache.  Can anyone point me to a documentation
> > resource?  Thanks.

> The simplest thing is probably to use openssl's CA.pl:
> http://www.openssl.org/docs/apps/CA.pl.html

CA.pl only provides a way to sign CSR's that the browser has
generated.  It doesn't provide any way to make the browser create a
CSR, and it doesn't provide any way to install the certificate into
the browser once it's been signed, and its tracking of certificate
lifecycles is crude almost to the point of nonexistence.

Try <http://www.pyca.de> which is not too fancy either, but which at
least makes an attempt to provide all the functions mentioned above.

 
 
 


Post by David Orriss J » Wed, 04 Jun 2003 04:37:59




>> The subject says it all, pretty much.  I need to create a client
>> certificate for use within Apache.  Can anyone point me to a
>> documentation resource?  Thanks.

> What do you mean by "within Apache"?

> If you mean you want to issue client certificates to browsers, you need a
> CA.  See www.pyca.de for an example.

I mean that when I use the SSLProxyEngine along with
SSLProxyMachineCertificateFile, like this:

SSLProxyEngine On
SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/weblistener.crt

I want to present a PEM-coded client certificate to the machine I'm
connecting to.

 
 
 


Post by Paul Rubi » Wed, 04 Jun 2003 10:12:29



> I mean that when I use the SSLProxyEngine along with
> SSLProxyMachineCertificateFile, like this:

> SSLProxyEngine On
> SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/weblistener.crt

> I want to present a PEM-coded client certificate to the machine I'm
> connecting to.

If you just want to make one or two certificates to use in a small
extranet, the simplest way is to use the CA.pl script which comes with
openssl.  It has some built-in help and is pretty straightforward.
Its cert lifecycle management features are crude to nonexistent
though.
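
For the SSLProxyMachineCertificateFile case discussed in this thread, here is an added example (not posted by any participant) that uses plain openssl commands instead of CA.pl: it builds a private CA, issues a certificate restricted to TLS client authentication, and writes the certificate plus its unencrypted key into one PEM file, which is the layout mod_ssl reads for that directive. The CA name, subject CN and every file name other than weblistener.crt are constructed for illustration.

```shell
#!/bin/sh
# Added example; CA name, CN and file names are assumptions, not from the thread.
make_proxy_client_pem() {
    mkdir -p "$1" || return 1
    (
        cd "$1" || exit 1
        umask 077    # private keys readable by the owner only
        # Minimal config so the result does not depend on the system openssl.cnf
        cat > pki.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
        # 1. Self-signed root CA that the remote server will be told to trust
        openssl req -config pki.cnf -x509 -extensions ca_ext -newkey rsa:2048 \
            -nodes -sha256 -days 365 -subj "/CN=Example Proxy CA" \
            -keyout ca.key -out ca.crt || exit 1
        # 2. Key and CSR for the proxy; the key is left unencrypted because
        #    SSLProxyMachineCertificateFile does not support encrypted keys
        openssl req -config pki.cnf -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=weblistener" -keyout weblistener.key \
            -out weblistener.csr || exit 1
        # 3. Sign the CSR with client-only extensions (not a CA, clientAuth EKU)
        openssl x509 -req -in weblistener.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile pki.cnf \
            -extensions client_ext -out weblistener.cert.pem || exit 1
        # 4. Certificate followed by key: the file the directive points at
        cat weblistener.cert.pem weblistener.key > weblistener.crt
    )
}

verify_proxy_client_pem() {
    # Chain must validate against the CA and be acceptable as a TLS client cert
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" \
        "$1/weblistener.cert.pem" >/dev/null || return 1
    # The private key must belong to the certificate
    [ "$(openssl x509 -in "$1/weblistener.cert.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/weblistener.key" -pubout)" ]
}
```

The remote server has to be configured to trust ca.crt for client verification, and ca.key should be kept off the proxy host.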
 
 
 

1. Apache 2.0.39 + ssl + ldap with client certificate authentication

Dear group,
Has anybody tried doing ldap client certificate authentication for an apache
2.0.39 ssl server ?

Our environment is :
RedHat linux 7.1 kernel 2.4.x
apache 2.0.39 (inc. mod_ssl)
openssl-engine-0.9.6g
openldap (on a different redhat linux server)

The apache website has a verisign server certificate, a self-signed CA
certificate and all clients have
certificates in the ldap server signed by this CA.

When clients present their certificate to browse the Apache secure site,
Apache should check the
existence of their certificate in the LDAP server and also the validity of
the contents of the certificate presented.

Kindly provide some direction to any solution or resources related to this
issue.

Any help would be highly appreciated.

TIA
Sarath
