Re: Re: ssl client authentication

Does anyone possibly have an answer to these questions?  I'm quite
stumped at the moment, and would love to try and get this fully working.

Thanks again.

> Date: Thu, 17 Nov 2005 10:09:45 -0600
> From: Michael Montgomery <mmontgomery@xxxxxxxxxxxxx>
> Subject: Re: Re:  ssl client authentication
> To: fedora-directory-users@xxxxxxxxxx
> Message-ID: <1132243785.24437.11.camel@work>
> Content-Type: text/plain
> 
> Thank you very much for your response.  I just have a couple more
> questions so I can be sure I know what I'm talking about.
> 
> > the directory server (your SSL server) replies with the certificate chain which includes 
> > the CA certificate, and the self-signed SSL certificate."
> 
> I'm assuming the 'self-signed SSL certificate' is the client's ssl
> certificate I imported into the SSL server's store, and NOT the server's
> own client certificate?
> 
> > you should have the SSL certificate imported into your SSL client's security database, 
> > and it should be marked as trusted (i.e -t "CT,CT,CT"). 
> 
> Is there any documentation on how to do this with a RHEL4 server?  The
> only things that come to mind are the openssl dirs '/usr/share/ssl/*',
> and possibly installing the certutil package on this machine...(but how
> would the ldap.conf file reference this, and even know about it... I'm
> curious about integration)
> 
> > Another way to do this is to sign your SSL server certificate with your self-signed CA 
> > certificate, and import your CA certificate into your SSL client's security database. 
> 
> I'm assuming you're talking about this option to Sign/Validate a
> self-signed cert:
> 
> -V              Validate a certificate
>    -n cert-name      The nickname of the cert to Validate
>    -b time           validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]")
>    -e                Check certificate signature
>    -u certusage      Specify certificate usage:
>                           C      SSL Client
>                           V      SSL Server
>                           S      Email signer
>                           R      Email Recipient
>    -d certdir        Cert database directory (default is ~/.netscape)
>    -P dbprefix       Cert & Key database prefix
>    -X                force the database to open R/W
> 
> But then there's still the above question of how to import it into
> clients...
> 
> Once again, thank you very much for your answers up to this point, as
> they were quite helpful.
> 
> Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
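
The second approach quoted in the message above (sign the server certificate with your own CA, then give the client only the CA certificate) can be tried end to end with the following added example, which is not part of the original thread. It uses the `openssl` command-line tool instead of `certutil`, and every name, subject and file path in it is constructed.

```shell
#!/bin/sh
# Added example: CA names, host name and paths are constructed for illustration.

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_server_cert DIR CA HOST: create a key and CSR for HOST, then sign
# the CSR with the CA made by make_ca.
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 30 -out "$1/$3.pem" 2>/dev/null
}

# client_trusts CAFILE CERT: succeed only if CERT chains to the CA in CAFILE.
# The output is checked as well as produced, because older openssl releases
# do not report a failed verification through the exit status.
client_trusts() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# demo: the server certificate is accepted by a client that holds the issuing
# CA certificate and rejected by a client that holds a different CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" example-ca && make_ca "$d" other-ca &&
    issue_server_cert "$d" example-ca ldap.example.test || { rm -rf "$d"; return 1; }
    rc=0
    client_trusts "$d/example-ca.pem" "$d/ldap.example.test.pem" \
        && echo "client holding example-ca: server certificate accepted" || rc=1
    client_trusts "$d/other-ca.pem" "$d/ldap.example.test.pem" \
        && rc=1 || echo "client holding other-ca: server certificate rejected"
    rm -rf "$d"
    return $rc
}

demo
```

The client never needs the server certificate itself, only the CA certificate file. An OpenSSL-based LDAP client such as the OpenLDAP tools is pointed at that file with the `TLS_CACERT` setting in its `ldap.conf`.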
