On Tue, Jan 20, 2009 at 1:59 PM, Sean Conner <spc@xxxxxxxxxx> wrote: > It was thus said that the Great Brian Mearns once stated: >> >> Thanks for the detailed response, Sean. I'm still not entirely clear >> on one thing, though: If I created my own certificate and gave the the >> organization name "Conman Laboratories" and an Organzational unit name >> of "Clients", would I be able to get onto your site? I'm 90% sure that >> the answer is NO, because I'm not signed by the CA specified by the >> SSLCACertificateFile directive, but the Apache documentation, as I >> interpreted it, is not explicit that this directive applies an >> implicit condition to the SSLRequire directive. > > I think it does. The client certificate didn't work util I added the CA > Certificate to the file pointed to by SSLCACertificateFile. If I were to > add your CA Certificate to that file, then yes, you should be able to sign > certificates with an organization name "Conman Laboratories" and a unit name > of "Clients" and have it accepted. > > Of course, you could always try signing a certificate with said > information and see what happens. > > -spc > Thanks, again, Sean. I appreciate the help. -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|