How to generate a client certificate using a third party CA-NOT Self Signed CA

Posted by Bryan on Stack Overflow See other posts from Stack Overflow or by Bryan
Published on 2009-06-02T15:37:27Z Indexed on 2010/03/14 4:05 UTC
Read the original article Hit count: 493

I am trying to trying to export a client certificate for use with a web browser.

The goal is to restrict access using the <Location> directive to the admin area. I have seen numerous tutorials on using self signed CAs. How would you do this using a third party?

1) Do I need to include the CA in the client pfx if it is a trusted root CA? I have seen both examples.

Without CA:

openssl pkcs12 -export -inkey KEYFILENAME -in CERTFILEFILENAME -out XXX.pfx

With CA:

openssl pkcs12 -export  -in my.crt- inkey my.key -certfile my.bundle -out my.pfx

2) Do I need to still include SSLCACertificateFile for trusted CA in the httpd.conf setup?

SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
<Location /secure/area>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>

http://www.modssl.org/docs/2.8/ssl_howto.html#ToC8

© Stack Overflow or respective owner

Related posts about apache

Related posts about openssl