SSL Client certificates for selected IP range
This is a discussion on SSL Client certificates for selected IP range within the Apache Web Server forums, part of the Web Server and Related Forums category; Hello all, I'd like to require clients to authenticate by a certificate to access my apache2. However, a selected '...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-23-2007
|
|||
|
|||
SSL Client certificates for selected IP range
Hello all,
I'd like to require clients to authenticate by a certificate to access my apache2. However, a selected 'trusted' ip range should not be required to authenticate this way. I see there are ways to restrict client authentication to a certain server directory, but is this also possible for client addresses? Plus, the server's certificate is signed by some public CA, but client certificates would be issued by myself. I don't think the public CA would authorize me as a sub-ca, so client and server certificates need to be handled with different CA certificates. Any idea how to configure apache accordingly? These SSL-related files are currently provided (just for server authentication): SSLCertificateFile - public key & certificate issued by the CA SSLCertificateKeyFile - private key of the server's certificate SSLCACertificateFile - the CA's public key SSLCertificateChainFile - CA certificates up to the root CA. Is the SSLCACertificateFile really required in the current setup? Or can it be replaced by my own CA for issuing client certificates without breaking server authentication? Best regards, Erhard |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 09:30 PM.
