How to generate a client certificate using a third party CA-NOT Self Signed CA
Posted
by Bryan
on Stack Overflow
See other posts from Stack Overflow
or by Bryan
Published on 2009-06-02T15:37:27Z
Indexed on
2010/03/14
4:05 UTC
Read the original article
Hit count: 493
I am trying to trying to export a client certificate for use with a web browser.
The goal is to restrict access using the <Location> directive to the admin area. I have seen numerous tutorials on using self signed CAs. How would you do this using a third party?
1) Do I need to include the CA in the client pfx if it is a trusted root CA? I have seen both examples.
Without CA:
openssl pkcs12 -export -inkey KEYFILENAME -in CERTFILEFILENAME -out XXX.pfx
With CA:
openssl pkcs12 -export -in my.crt- inkey my.key -certfile my.bundle -out my.pfx
2) Do I need to still include SSLCACertificateFile for trusted CA in the httpd.conf setup?
SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt
<Location /secure/area>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
© Stack Overflow or respective owner