Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs
This is a discussion on Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs within the Modssl Users forums, part of the Web Server and Related Forums category; On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote: > I've found myself in the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-14-2007
|
|||
|
|||
Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs
On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote:
> I've found myself in the same quandary as this guy [1]. My CA > structure is as follows. > > - RootCA > - SubCA1 > - SubCA1 Server > - SubCA1 Clients > - SubCA2 > - SubCA2 Server > - SubCA2 Clients > > I have two HTTPS vhost containers. One which has a server certificate > issued by SubCA1 and should only accept client certificates from > SubCA1. Likewise, another for SubCA2, which should only accept client > certificates from SubCA2. I think this should work by using: SSLCertificateChainFile rootca <Vhost for SubCA1> SSLCACertificateFile SubCA1 </Vhost> <Vhost for SubCA2> SSLCACertificateFile SubCA2 </Vhost> joe __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org 
|
Linear Mode
