RE: SSL Client Certificate Requirements Question


 



Your https vhost could look like:

<Virtualhost TEMPLATE_IP:443>

  ServerName TEMPLATE_SERVERNAME.example.com
  DocumentRoot /export/public

  ErrorLog        /usr/apache/logs/www.example.com_error_log
  CustomLog       "|/usr/apache/bin/rotatelogs
  RewriteEngine On
  RewriteOptions inherit

  DeflateBufferSize 8096
  DeflateFilterNote ratio
  DeflateMemLevel 9

  <IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Don't compress images or txt
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|txt|lx2|pdf)$ no-gzip dont-vary
  </IfModule>

  <Directory "/export/public">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  SSLEngine On
  SSLCertificateFile  /usr/apache/ssl/certs/www.example.com/server.crt
  SSLCertificateKeyFile /usr/apache/ssl/certs/www.example.com/server.key
  SSLCACertificateFile /usr/apache/ssl/certs/intermediate.crt
</VirtualHost>


-----Original Message-----
From: Tom Browder [mailto:tom.browder@xxxxxxxxx] 
Sent: 20 July 2012 03:22
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  SSL Client Certificate Requirements Question

On Thu, Jul 19, 2012 at 7:34 PM, Daniel Ruggeri <DRuggeri@xxxxxxxxxxx> wrote:
> On 7/19/2012 10:11 AM, Tom Browder wrote:
>> I have a single server with a multiple vhost SSL certificate from a
>> recognized CA.  All vhosts are using SSL/TLS successfully and
>> exclusively with HSTS enforcement.
>>
>> I would now like to add SSL client certificates for individual vhost
>> private directory access and plan to do so using a self-generated,
>> self-signed CA certificate (self-CA) set up, with one certificate per
>> authorized user and vhost.  My question for my set up is this:
>>
>>   Does the client browser have to import anything other than its
>> assigned SSL client certificate?
...

> Since your servers are signed by a known CA, the browsers will only need
> to have a private key/certificate imported to function. In your httpd
> vhost, you will place your self-signed CA certificate (the one that
> signs the client certs) in the file pointed to by SSLCACertificateFile.

Thanks, Daniel!

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
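
The setup discussed in this thread (server certificate from a recognized CA, client certificates signed by a self-generated CA) can be sketched as the following vhost, in the same Apache 2.2-era syntax as the configuration above. This is an added example, not part of the original messages; the `client-ca.crt` path, the `/export/public/private` directory and the convention that each client certificate carries the vhost name in its OU field are assumptions.

```apache
# Added example, not from the thread. Paths and names marked "assumed" are placeholders.
<VirtualHost TEMPLATE_IP:443>
  ServerName TEMPLATE_SERVERNAME.example.com
  DocumentRoot /export/public

  SSLEngine On

  # Server identity: certificate and key issued by the recognized CA.
  SSLCertificateFile    /usr/apache/ssl/certs/www.example.com/server.crt
  SSLCertificateKeyFile /usr/apache/ssl/certs/www.example.com/server.key

  # The recognized CA's intermediate is part of the chain sent to browsers.
  # (On httpd 2.4.8 and later, append it to SSLCertificateFile instead.)
  SSLCertificateChainFile /usr/apache/ssl/certs/intermediate.crt

  # Trust anchor for CLIENT certificates only: the self-signed CA that
  # signs the per-user certificates (assumed path). Browsers never need
  # to import this file; they import only their own key and certificate.
  SSLCACertificateFile /usr/apache/ssl/certs/client-ca.crt

  # Public content: no client certificate is requested.
  SSLVerifyClient none

  <Directory "/export/public">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  # Private area (assumed path): a valid client certificate is mandatory.
  <Directory "/export/public/private">
    SSLVerifyClient require
    # Depth 1: the client certificate must be signed directly by the CA above.
    SSLVerifyDepth  1
    # One self-CA signs certificates for every vhost, so chain validation
    # alone would accept a certificate issued for a different vhost.
    # Pin the vhost through a subject field (assumed convention: OU = vhost).
    SSLRequire %{SSL_CLIENT_S_DN_OU} eq "TEMPLATE_SERVERNAME.example.com"
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>
```

Because `SSLVerifyClient require` is set per directory rather than for the whole vhost, mod_ssl requests the client certificate only when a URL under the private directory is accessed.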




