I understand that it is possible to use client side certificates (ie certificates
stored in the browser) to control access to pages and directories on a webserver.
I've been following notes provided with OpenSSL for generating ssl certificates
suitable for importing into a browser. For example, i've been doing the following:
CA.pl -newreq
CA.pl -signreq
CA.pl -pkcs12 "My Cert"
This generates a file that Netscape 4.7x happily imports but that IE 5.x doesn't like.
It allows me to go thru the import process, but complains at the last step. It
identifies the file's content as being PFX, but fails at the last step with : The
input information is invalid.
If i configure apache to require the presence of client side certificates for a
subdirectory, when i browse that subdirectory with Netscape, it asks me which
certificate i wish to use, and i select the one i generated earlier. I am then allowed
to view the page, HOWEVER, i get asked this question for every page impression even if
the are all coming from the same subdirectory.
So:
- how do i get IE to accept certs i genereate OR how do i generate certs for IE ?
and
- how do i stop NS from prompting the user for every URL.
I am currently using a CA certificate I generated myself, but i have managed to
convince IE and NS to trust this CA by importing new info into their list of trusted
CAs.
I'm using :
OpenSSL 0.9.5a 1 Apr 2000
Apache/1.3.12 (Unix) PHP/4.0.3pl1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.24
Netscape 4.7x
IE 5.5
This is my first post here, and i'm guessing this has probably been covered before.
Are there notes somewhere that cover this? I have been using the notes that come with
mod_ssl and openssl.
regards,
Scott Fagg <[EMAIL PROTECTED]>
Ove Arup & Partners
(07) 3839 1166
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
