Client-side certificates

Posted by walshms on Server Fault See other posts from Server Fault or by walshms
Published on 2011-03-04T16:13:51Z Indexed on 2011/03/05 23:26 UTC
Read the original article Hit count: 235

Filed under:
|
|
|
|

My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works.

Now I'm required to generate x509 client-side certificates to issue for this subdomain. I'm following along this page: (http://www.vanemery.com/Linux/Apache/apache-SSL.html), starting with "Creating Client Certificates for Authentication".

I've generated the p12 files and successfully imported them into Firefox. When I browse to the site now, I get an error in FireFox that says "The connection to the server was reset while the page was loading."

I think my problem is coming from not signing the client-side correctly. When I sign the client-side certificate, I'm using the PEM file (RapidSSL_CA_bundle.pem) from RapidSSL (who we bought the certificate from) for the -CA argument. For the -CAkey argument, I'm using the private key of the server. Is this correct?

© Server Fault or respective owner

Related posts about security

Related posts about apache