understanding OpenSSL with Apache
Hello all,
I want to clear up my understanding with you and hope this is not a dumb question. I want to secure apache with SSL certificate and I can do that with certificates. Now there are two ways one is self signed and another by creating my own CA. In latter approach there will be in total of 5 files:- server.crt: The self-signed server certificate. server.csr: Server certificate signing request. server.key: The private server key, does not require a password when starting Apache. If created a CA, then will have two additional files: ca.crt: The Certificate Authority's own certificate. ca.key: The key which the CA uses to sign server signing requests Now what I am targeting here is to do a bidirectional authentication in apache. So which files should I make available to client so that it can validate the servers certificates and vice versa. As per SSL flow: when browser requests a secure page the web server sends him its public key with its certificate. In this case which one its sending to client browser? Thank you. |
|
Hi, thanks for that link.
I finally got the clear picture ones I installed and run the whole setup with self signed CA certificate. I have one question though. I want to do mutual authentication so that both server and client will show each others their certificates. Now I setup SSLVerifyClient require in server setup and can see with wireshark that its asking for certificate from client too but as I didn't setup client certificate part yet so its not working, thats ok. Now my question is when client will show server his certificate is there any way to trigger a php script from server to fetch the values from that certificate? Because I want to check that with programming. |
SSLOptions +ExportCertData
that's the directive for apache. Unfortunately I don't know how to retrieve the data with JS or PHP. Never neede that yet ;-) |
All times are GMT -5. The time now is 12:36 AM. |