Fedora 16 Apache SSL Certificates: Problem with properly setting up server
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Fedora 16 Apache SSL Certificates: Problem with properly setting up server
Hi all!
I know that this subject has been brought up many times, but I have been struggling with this for few days know and my mind is complete mess after reading so many different solutions.
So maybe from the beginning, I have created key and certificate with openssl library and began to modify proper files. I am not touching httpd.conf only ssl.conf so here it goes:
May I ask for clarification: are you trying to get https to work or do you have that working and are you trying to get certificate authentication to work?
"SSLVerifyClient require" means require a client certificate which has to be directly # signed by our CA certificate. Unless you have installed such a certicate in your client browser, you will get that error message.
and about 1st thing, I am not quiet sure if https is working properly, i assumed so sine it's asking for the certificate and prompt that it's all personal
I suggest you start by turning off the client authentication verification and start by seeing if you can access the page via https: and then pull up the certificate information from the browser. This will isolate whether the problem is in your https configuration or a problem with the client authentication.
I also noticed that you set the SSLVerifyDepth to 5, whereas I normally see this set to 1. Please see the following: http://www.modssl.org/docs/2.6/ssl_reference.html (scroll down to SSLRequierDepth). Doubt that it is causing your problem, but it is non standard.
Edit: Make sure that your client certificate has been signed by the CA you used to sign the server certificate too! You also need to be really careful of the CN (common name) parameter. See the how to I linked above.
@Noway2,
thank mate! It works, it seems that I had problem with this pkcs#12 format. Man, you made my day. I can proceed with project now, thanks again!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.