The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
Article Feedback - The make-world script
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Client certificate?
Author: Christopher Masto 
Date:   04-10-01 22:26

You seem to be exporting your SERVER certificate and importing it into your web browser. That's rather strange and confusing. You should probably be creating a separate client certificate (indeed, a separate one for each client).

An important detail that seems to be missing in this article is what to enter when creating the certificate requests (CA.pl -newreq). For a server, it's critical that the "Common Name" be the name of your site (www.freebsddiary.org, for example). Client certificates should use the name of the person the certificate will be identifying.
Reply To This Message
 
 Re: Client certificate?
Author: Patrick Sandberg 
Date:   07-10-01 15:55

I totally agree with your comment to the Client Certificate report on The FreeBSD Diary, he does provide the server certificate to the client, that is ok if you only want to prove "This is really server xxx.com, says this yyy CA, trust me", but if you want to check out the client from a server perspective, how do you do it?
When I enable verify client certificates I never get IE 5.5SP2 to provide any certificate, my guess is that I have not create the client certificate in such a way to associate it with my specific website (so that IE knows what certificate to show at what server) ? But I'm not sure, any good pointers on how to create client certificates (step by step) and how to get them to work with your server?

Thanks,
Patrick
Reply To This Message
 
 Re: Client certificate?
Author: Gabor Komlossy 
Date:   18-02-02 16:03

I agree, this is not enough for client authorization. I will try today the following:

1. Start this howto and create a CA, a Server Certificate and configure Apache, but NOT convert the certificate to pkcs12 format.

2. Then I will create another "Server Certificate", which I will call Client Certificate, and use the client name in the CN field.

3. I will convert the second ceritificate, Client Certificate to pkcs12 format, put it on a floppy and give it to a client

4. The client will install the pkcs12 file in his browser

If this does not work, I will post a message here, so if there's no other messages here from me, the above procedure worked...
Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org

Servers and bandwidth provided by New York Internet, SuperNews, and RootBSD. Valid CSS and RSS
Copyright © 1997-2016 Dan Langille
All rights reserved