Re: Re: ssl client authentication

Does anyone possibly have an answer to these questions?  I'm quite
stumped at the moment, and would love to try and get this fully working.

Thanks again.

> Date: Thu, 17 Nov 2005 10:09:45 -0600
> From: Michael Montgomery <mmontgomery at theplanet.com>
> Subject: Re: Re: ssl client authentication
> To: fedora-directory-users at redhat.com
> Message-ID: <1132243785.24437.11.camel at work>
> Content-Type: text/plain
> 
> Thank you very much for your response.  I just have a couple more
> questions so I can be sure I know what I'm talking about.
> 
> > the directory server (your SSL server) replies with the certificate chain which includes 
> > the CA certificate, and the self-signed SSL certificate."
> 
> I'm assuming the 'self-signed SSL certificate' is the client's ssl
> certificate I imported into the SSL server's store, and NOT the server's
> own client certificate?
> 
> > you should have the SSL certificate imported into your SSL client's security database, 
> > and it should be marked as trusted (i.e -t "CT,CT,CT"). 
> 
> Is there any documentation on how to do this with a RHEL4 server?  The
> only things that come to mind are the openssl dirs '/usr/share/ssl/*',
> and possibly installing the certutil package on this machine...(but how
> would the ldap.conf file reference this, and even know about it... I'm
> curious about integration)
> 
> > Another way to do this is to sign your SSL server certificate with your self-signed CA 
> > certificate, and import your CA certificate into your SSL client's security database. 
> 
> I'm assuming you're talking about this option to Sign/Validate a
> self-signed cert:
> 
> -V              Validate a certificate
>    -n cert-name      The nickname of the cert to Validate
>    -b time           validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]")
>    -e                Check certificate signature
>    -u certusage      Specify certificate usage:
>                           C      SSL Client
>                           V      SSL Server
>                           S      Email signer
>                           R      Email Recipient
>    -d certdir        Cert database directory (default is ~/.netscape)
>    -P dbprefix       Cert & Key database prefix
>    -X                force the database to open R/W
> 
> But then there's still the above question of how to import it into
> clients...
> 
> Once again, thank you very much for your answers up to this point, as
> they were quite helpful.
> 
> Michael.
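
The second approach quoted above (sign the server certificate with your own CA, then have the client trust only that CA certificate), as an added example that is not part of the original thread. It uses the openssl command line rather than certutil, and the CA names and the host name ldap.example.test are constructed placeholders.

```shell
#!/bin/sh
# Added illustration; requires the openssl command-line tool.
# All subject names and file names below are constructed placeholders.

make_ca() {   # $1 = output prefix, $2 = CA common name
    # Self-signed CA certificate plus its private key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_server_cert() {   # $1 = CA prefix, $2 = output prefix, $3 = server name
    # Server key and CSR, then a certificate signed by the CA key.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -set_serial 1 -days 30 -out "$2.pem" 2>/dev/null
}

client_trusts() {   # $1 = CA file the client trusts, $2 = server certificate
    # Succeeds only if the server certificate chains to the trusted CA file.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/ca" "Example Test CA" || return 1
    make_ca "$dir/other" "Unrelated Test CA" || return 1
    issue_server_cert "$dir/ca" "$dir/server" "ldap.example.test" || return 1

    # A client that imported the issuing CA accepts the server certificate.
    if client_trusts "$dir/ca.pem" "$dir/server.pem"; then r1=trusted; else r1=untrusted; fi
    # A client that trusts only some other CA rejects it.
    if client_trusts "$dir/other.pem" "$dir/server.pem"; then r2=trusted; else r2=untrusted; fi

    rm -rf "$dir"
    echo "$r1 $r2"
}
```

`openssl verify` checks only the signature chain; it does not check that the certificate's name matches the host the client connects to.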



