LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 11-09-2009, 12:11 AM   #1
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Rep: Reputation: 39
understanding OpenSSL with Apache


Hello all,

I want to clear up my understanding with you and hope this is not a dumb question. I want to secure apache with SSL certificate and I can do that with certificates. Now there are two ways one is self signed and another by creating my own CA.
In latter approach there will be in total of 5 files:-

server.crt: The self-signed server certificate.
server.csr: Server certificate signing request.
server.key: The private server key, does not require a password when starting Apache.

If created a CA, then will have two additional files:

ca.crt: The Certificate Authority's own certificate.
ca.key: The key which the CA uses to sign server signing requests


Now what I am targeting here is to do a bidirectional authentication in apache. So which files should I make available to client so that it can validate the servers certificates and vice versa.

As per SSL flow:
when browser requests a secure page the web server sends him its public key with its certificate. In this case which one its sending to client browser?

Thank you.
 
Old 11-09-2009, 04:31 AM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,591

Rep: Reputation: 145Reputation: 145
http://httpd.apache.org/docs/2.2/ssl/
 
Old 11-13-2009, 08:37 PM   #3
tanveer
Member
 
Registered: Feb 2004
Location: e@rth
Distribution: RHEL-3/4/5,Gloria,opensolaris
Posts: 525

Original Poster
Rep: Reputation: 39
Hi, thanks for that link.
I finally got the clear picture ones I installed and run the whole setup with self signed CA certificate.

I have one question though. I want to do mutual authentication so that both server and client will show each others their certificates. Now I setup SSLVerifyClient require in server setup and can see with wireshark that its asking for certificate from client too but as I didn't setup client certificate part yet so its not working, thats ok.

Now my question is when client will show server his certificate is there any way to trigger a php script from server to fetch the values from that certificate? Because I want to check that with programming.
 
Old 11-16-2009, 02:22 AM   #4
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,591

Rep: Reputation: 145Reputation: 145
SSLOptions +ExportCertData

that's the directive for apache. Unfortunately I don't know how to retrieve the data with JS or PHP. Never neede that yet ;-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Compiling Apache 1.3.x + mod_ssl + openssl Kupo Linux - Server 13 06-15-2007 06:50 PM
OpenSSL + Apache certificate, how? The_Nerd Linux - Software 2 12-26-2004 09:18 PM
apache + mod_ssl without openssl , will it run ? kernelvn Linux - Security 1 10-01-2004 11:47 PM
OpenSSL Apache 2 RedHat 8 bfdlinux Linux - Security 2 07-25-2003 09:18 AM
Openssl and apache huno Linux - General 1 04-21-2003 02:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration