I have a single server with a multiple vhost SSL certificate from a recognized CA. All vhosts are using SSL/TLS successfully and exclusively with HSTS enforcement. I would now like to add SSL client certificates for individual vhost private directory access and plan to do so using a self-generated, self-signed CA certificate (self-CA) set up, with one certificate per authorized user and vhost. My question for my set up is this: Does the client browser have to import anything other than its assigned SSL client certificate? One source I've found says I will also have to have my self-CA certificate available for import by each client browser but another source says no (I can provide the sources later when I get access to my own computer). The Apache 2.4 docs, as I interpret them, imply that they are two separate things and only the single client certificate will have to be imported since the session SSL connection is created through the widely-recognized CA certificate. (I apologize for any unclear terminology--I am still trying to sort it all out.) Thanks. Best regards, -Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|