Hi,

I'm trying to create a mutually authenticated SSL connection using a proxy certificate [1] generated by a MyProxy server for the client side. The server contains the certificate of the CA, but does not contain the certificate of the user who issued/signed the proxy certificate. Hence the proxy certificate also contains the public key of the user, as mentioned here [2]. The overall format of the certificate has the following structure [3].

- PEM-encoded proxy certificate
- PEM-encoded private key
- PEM-encoded public certificate of the user (delegator), to help create the certificate chain on the server side.

My question is whether OpenSSL supports the above scenario of using a public key contained in the client proxy file as an intermediary certificate when building the trust path to the CA. If so, please let me know the configurations I need to do...

My ultimate goal is to get this working with Apache Tomcat using mod_ssl & APR.

thanks,
Thilina

1. http://www.ietf.org/rfc/rfc3820.txt
2. http://gdp.globus.org/gt4-tutorial/multiplehtml/ch10s05.html#fig_sec_gsi_proxyvalidation
3. http://dev.globus.org/wiki/Security/ProxyFileFormat

--
Thilina Gunarathne - http://thilinag.blogspot.com
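
Added example, not part of the original post: a Python sketch that splits a proxy file with the layout described above (proxy certificate, private key, then the delegator's certificate) into its parts, so the chain certificates can be supplied separately from the leaf and key. The function names and the sample file are constructed for illustration; the sample payloads are dummy bytes, not real certificates.

```python
import base64
import re

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def split_proxy_file(text):
    """Split a proxy file into proxy cert, private key and chain certs.

    Layout assumed from the post: proxy certificate first, then its
    unencrypted private key, then one or more delegator certificates.
    Returns DER bytes per part; raises ValueError on any other layout.
    """
    blocks = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError(f"bad base64 in {label} block") from exc
        blocks.append((label, der))
    labels = [label for label, _ in blocks]
    if len(blocks) < 3:
        raise ValueError("expected proxy cert, key and at least one chain cert")
    if labels[0] != "CERTIFICATE":
        raise ValueError("first block must be the proxy certificate")
    if not labels[1].endswith("PRIVATE KEY"):
        raise ValueError("second block must be the proxy private key")
    if any(label != "CERTIFICATE" for label in labels[2:]):
        raise ValueError("only certificates may follow the private key")
    return {
        "proxy_cert": blocks[0][1],
        "private_key": blocks[1][1],
        "chain": [der for _, der in blocks[2:]],
    }

def pem_block(label, payload):
    """Build a PEM block around arbitrary bytes (for the constructed sample)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: dummy payloads standing in for real DER data.
SAMPLE = (pem_block("CERTIFICATE", b"proxy-cert")
          + pem_block("RSA PRIVATE KEY", b"proxy-key")
          + pem_block("CERTIFICATE", b"user-cert"))

if __name__ == "__main__":
    parts = split_proxy_file(SAMPLE)
    print(len(parts["chain"]), "chain certificate(s) after the proxy key")
```

This checks only the file layout; it does not verify signatures or perform RFC 3820 path validation, which remains the job of the TLS library.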