Hello!
I am struggling to understand the concept of client side authentication enabled in SSL apache. I have been reading the posts, google pages but still clueless. What I could understand till now is 3 configuration parameter is required SSLVerifyClient SSLVerifyDepth SSLCACertificate File The points on which I am confused is SSLCARevocationFile.
The meaning of SSLCARevocationFile is really quite simple. Let's say that we have issued certificates to all employees in our company. These certificates are issued by the CA whose certificate is in SSLCACertificateFile. Apache is configured to trust all certificates issued by this CA. Now one of the employees leaves and should no longer have access. We can't really "take back" the certificate file issued to this employee, so we just declare that we no longer trust this particular certificate - in other words, we revoke the certificate. Such revoked certificates are listed in "Certificate Revocation List" - a file which SSLCAReviocationFile points to.
-- Toomas Aas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|