Acceptable client certificate CA names Limitations

Hello,

I have Apache 2.4 (win32) and have the following in my CA bundle.
Root 1
Subordinate 1
Subordinate 2

My server was signed off Subordinate 1.
When I do `openssl s_client -connect server:443`,
it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names.

If I remove Subordinate 2 from the bundle, it only shows Subordinate 1 as an acceptable CA. However, if I remove Subordinate 1, it still shows as an acceptable CA.

It seems httpd references not only cabundle/cafiles but also certs in the chain file as acceptable CAs.

Is it possible to prevent a user signed off Subordinate 1 from using client certificate authentication while the server cert is issued off Subordinate 1?

--Dan
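
The check described in the message above can be scripted: the following is an added example, not part of the original post, that extracts the advertised CA names from `openssl s_client` output and flags any that are not on an allow-list. The function names, the `/C=US/O=Example` DN components and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the CA names a TLS server advertises for client auth.
# Live use (allowed.txt is a hypothetical file with one DN per line):
#   openssl s_client -connect server:443 </dev/null 2>/dev/null \
#       | unexpected_cas allowed.txt

# Print one advertised CA name per line from s_client output on stdin.
# The list follows the "Acceptable client certificate CA names" header and
# ends at the next "---" separator or the next known s_client field.
advertised_cas() {
    awk '
        /^Acceptable client certificate CA names/ { inlist = 1; next }
        inlist && /^(---|Client Certificate Types:|Requested Signature Algorithms:|Shared Requested Signature Algorithms:|Peer sign|Server Temp Key:)/ { inlist = 0 }
        inlist && NF { print }
    '
}

# Print advertised names that are missing from the allow-list file $1.
# Exit status is 1 when at least one unexpected name is advertised.
unexpected_cas() {
    advertised_cas | awk -v allow="$1" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        !($0 in ok) { print; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample mirroring the situation in the message: Subordinate 1
# is still advertised even though only Subordinate 2 is meant to be accepted.
sample_output() {
    cat <<'EOF'
---
Acceptable client certificate CA names
/C=US/O=Example/CN=Subordinate 1
/C=US/O=Example/CN=Subordinate 2
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
EOF
}

# Demo: list what the (constructed) server advertises.
sample_output | advertised_cas
```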
