Should you not be looking at http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html and https://www.opensc-project.org/files/doc/apache-client-authentication(v0.5.1).pdf?
Hi,
Thanks for the reply! I didn't mention it before, but I won't be using Apache or any other mainstream webserver. Most likely I will be using Ocsigen (http://www.ocsigen.org/). Now, the latest development release of Ocsigen already has basic support for SSL, but it can't yet handle client authentication. In short, I am still looking for an stunnel-based solution. Any ideas?
Thanks again for your time and attention! Cheers, Dario
On 27 Jun 07, at 13:38, Dario Teixeira wrote:
Thanks for the reply! I didn't mention it before, but I won't be using Apache or any other mainstream webserver. Most likely I will be using Ocsigen (http://www.ocsigen.org/). Now, the latest development release of Ocsigen already has basic support for SSL, but it can't yet handle client authentication. In short, I am still looking for an stunnel-based solution. Any ideas?
You can generate a certificate (and its private key) for every client, put the public cert in the CApath of the server, and set verify=3. In every CApath you must have:
- the pub cert of the CA that issues the certs
- the pub cert of the OTHER hosts with which you will establish a connection (so, in the server CApath you will find the client certs, and vice versa).
Then you do a c_rehash.
With this setup, I don't know if it will work with the SSL provided by the browser, or whether you must also install stunnel on the server side, but I think that accepting the cert in the browser will work for you.
Bye, dario.
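
The setup described in the reply above, as an added example that is not part of the original thread: it builds a throwaway CA and one client certificate with openssl, fills the server's CApath with the hash links c_rehash would create, and writes a server-side stunnel.conf with verify = 3. The directory layout, the names (Demo CA, client1), server.pem and the port numbers are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: all names and paths are constructed for the demo.
set -eu

# Create a throwaway CA and one client key + certificate under DIR.
make_pki() {
    d=$1; mkdir -p "$d/certs"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout "$d/client1.key" -out "$d/client1.csr" 2>/dev/null
    openssl x509 -req -in "$d/client1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/client1.pem" 2>/dev/null
}

# Copy CERT into CAPATH and add the <subject-hash>.N link that c_rehash
# would create; N is bumped if another cert already uses that hash.
install_peer() {
    capath=$1; cert=$2; n=0
    cp "$cert" "$capath/"
    h=$(openssl x509 -noout -hash -in "$cert")
    while [ -e "$capath/$h.$n" ]; do n=$((n + 1)); done
    ln -s "$(basename "$cert")" "$capath/$h.$n"
}

# Server-side stunnel.conf: verify = 3 accepts only peers whose own
# certificate is installed in CApath. server.pem and the ports are placeholders.
write_conf() {
    cat > "$1/stunnel.conf" <<EOF
cert = $1/server.pem
CApath = $1/certs
verify = 3

[https]
accept = 443
connect = 127.0.0.1:8080
EOF
}

setup_demo() {
    make_pki "$1"
    install_peer "$1/certs" "$1/ca.pem"       # issuing CA
    install_peer "$1/certs" "$1/client1.pem"  # the peer itself
    write_conf "$1"
    openssl verify -CApath "$1/certs" "$1/client1.pem"
}

if [ -n "${1:-}" ]; then setup_demo "$1"; fi
```

Only the certificates go into the server's CApath; client1.key stays on the client. Removing a client's certificate and its hash link from CApath is what revokes that client's access under verify = 3.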