[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-modssl
Subject: Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs
From: Joe Orton <jorton () redhat ! com>
Date: 2007-12-14 11:10:03
Message-ID: 20071214111003.GA13676 () redhat ! com
[Download RAW message or body]
On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote:
> I've found myself in the same quandary as this guy [1]. My CA
> structure is as follows.
>
> - RootCA
> - SubCA1
> - SubCA1 Server
> - SubCA1 Clients
> - SubCA2
> - SubCA2 Server
> - SubCA2 Clients
>
> I have two HTTPS vhost containers. One which has a server certificate
> issued by SubCA1 and should only accept client certificates from
> SubCA1. Likewise, another for SubCA2, which should only accept client
> certificates from SubCA2.
I think this should work by using:
SSLCertificateChainFile rootca
<Vhost for SubCA1>
SSLCACertificateFile SubCA1
</Vhost>
<Vhost for SubCA2>
SSLCACertificateFile SubCA2
</Vhost>
joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic