Here's my steps to create working client certificates:
1. openssl req -new -out clienta.csr -keyout clientakey.pem
Enter the details for the certificate, i.e common name being the client/employee, "Joe
Bloggs".
2. openssl x509 -req -in clienta.csr -out clienta.pem -CA YOUR_SERVERS_CERTIFICATE
-CAkey YOUR_SERVERS_PRIVATE_KEY -CAcreateserial -days 365 -outform PEM
3. openssl pkcs12 -export -in clienta.pem -out clienta.p12 -inkey clientakey.pem -name
"Joe Bloggs"
Distribute clienta.p12 (rename clienta.p12 to Joe_Bloggs.p12) to client/employee.
However, if you decide to revoke the certificate, Apache-SSL will still allow you to
connect with the revoked certificate.
To stop IE from asking for the password every time you try and hit a webpage document,
just set the security level to low and disable (un check) "Enable strong private key
protection" when you first import the client certificate.
I hope this helps, it works perfectly for me.
Yes this is a repeat post.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
