Re: SSL Certificate Validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 8, 2018 at 7:36 AM, Belmona, Nizar <nbelmona@xxxxxxxxxxxx> wrote:

Thanks Rainer and Daniel.

Sorry for the confusion and please let me clarify.

 

We have a web server with Apache 2.2.22 with OpenSSL 0.9.8t, the Apache service launches fine and the users/developers are able to connect however developers through their code bypass the Server SSL certificate verification. I am not worried about the client certificate validation since we are not using it,  all the concern is we need to stop users bypassing the Server SSL verification who are claiming they have to bypass it since the certificate name doesn’t match the server name in the link being called. Kindly note that configuration in hhtpd.conf is:




​You can't stop them unless you control the client.  You only control the server. The only thing you could do is provide a better certificate.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux