One dev wrote:
El vie, 11-04-2008 a las 17:01 +0300, Deceased escribió:
Hi,
I'm using apache and pkcs12 certs to for auth., but I cannot make web
browser to ask pass phrase every time I connect to it, only for import
pass on cert install. I'm using firefox.
Is there any way to make pkcs12 certs that require pass phrase for auth,
or any other cert file that works with firefox.
Server asking for certificate:
Client cert only need "open" crypto store of browser with pass phrase.
If you want that server ask for client certificate you need set this
flag in server configuration, host or virtual host, ssl.conf
Browser asking a pass phrase:
If you want that firefox ask for key of crypto store, you can close the
browser. You can adjust firefox configuration to enable the request of
pass phrase to access store of certificates.
Thank You in advance.
here's how whole thing was done :
*Create the Certificate Authority (CA)*
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
*Have the Client Request a Certificate*
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf
*Have the Authority Sign the Certificate*
openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in
client.csr -out client.crt
*Import the Client Certificate*
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out
client.p12
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
Ok, thanks for reply, although thats not what i need.
I'll have to find another way.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
