B G Roper wrote:
> Hello list/forum
>
> I'm new with openssl so please be gentle.
> I'm hoping that my problem is small, and may have a simple answer/s.
> Being new to ssl terminology, it is hard for me to know what and where to
> search for clues.
>
> I'm understanding the basic concepts of certificates, and have my test
> server working fine with "normal" ssl setup.  Hopefully this keeps the
> connections "secure".
>
> I need to give maybe ~20 users secure remote access to a small server. http/s only. No ssh, ftp, etc.
> I can use openvpn to achieve the desired result, but wondering whether I can
> do it more simply (better) with openssl.

You mean that the web server will ask the client's browsers for the client certificates? Sure that's possible, pretty much standard case. Look at the apache httpd docs.

> Is it possible to "manually issue" self-signed certificates (by sneakernet
> or CD or flaccid diskette) to those ~20 users, and configure openssl so that
> only those folks have access?  Nobody else to have any access.  (And when a
> person leaves, cancel their access too.)

For canceling you have to use a revocation list, a CRL. But that's supported by apache too. No problems.

> I have found this HOWTO that seems close to the mark.
> http://blogs.ittoolbox.com/security/investigator/archives/howto-securing-a-website-with-client-ssl-certificates-11500
>
> Any other tips or clues?  Can this be done, securely?
> Is there any other info out there in the datasphere that might help?
> Any special or relevant words that I should use to search for help about
> this?
>
> Much TIA's


--
Aleksander Kamenik
system administrator
+372 6659 649
[EMAIL PROTECTED]

Krediidiinfo AS
http://www.krediidiinfo.ee/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
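
The issue-and-revoke workflow discussed in this thread, as an added example that is not part of the original messages: a small private CA signs each user's client certificate (a CRL is issued by a CA, so individually self-signed certificates cannot be revoked this way), and revocation is published as a CRL. The directory layout, the CA name and the user name passed in are constructed for illustration; the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (constructed names and paths); needs the openssl CLI.
# Builds a private CA in directory $1 and issues one client certificate for user $2.
issue_client_cert() {
    dir=$1 user=$2
    mkdir -p "$dir/newcerts" && : > "$dir/index.txt" && echo 01 > "$dir/serial"
    echo 01 > "$dir/crlnumber"
    cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    # Self-signed CA certificate, then the user's key + CSR, then the signed cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/ca.cnf" \
        -subj "/CN=Demo Client CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$user" -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null &&
    openssl ca -batch -config "$dir/ca.cnf" -in "$dir/$user.csr" \
        -out "$dir/$user.crt" 2>/dev/null &&
    openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/ca.crl" 2>/dev/null
}
# Revokes user $2 and regenerates the CRL (the file the web server must reload).
revoke_user() {
    openssl ca -config "$1/ca.cnf" -revoke "$1/$2.crt" 2>/dev/null &&
    openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl" 2>/dev/null
}
# Succeeds only if user $2's cert chains to the CA and is not listed in the CRL.
is_allowed() {
    openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" \
        "$1/$2.crt" >/dev/null 2>&1
}
```

In Apache's mod_ssl the same decision is made by `SSLVerifyClient require` with `SSLCACertificateFile` pointing at `ca.crt` and `SSLCARevocationFile` pointing at `ca.crl`. The CRL expires after `default_crl_days`, so it has to be regenerated on a schedule even when nobody is revoked.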
