Can't get Client certificates to work
2013-03-22, 18:42
Post: #1
Hello!
I hope someone can help me. I'm struggling using Client certificates. Server Certificates are working well as well as Code Signing. Although it took some days to get this to work, now it works fine. But Client certificates won't work at all.

I'm using Debian 6.0.7 (squeeze), Apache 2.2.16, OpenSSL 1.0.1.

Please find below the steps to create the certificates and my Apache configuration.

Thanks for helping me.

************************************************
# CREATE ROOT Certificate
openssl req -x509 -newkey rsa:2048 -out ca.crt -keyout ca.key -days 3650

# CREATE SERVER Certificate
openssl req -newkey rsa:2048 -keyout server.key -out server.req
openssl ca -config ca.cnf -extensions codesigning -in server.req -out server.crt

# REMOVE Passphrase
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

# SIGN Code
openssl cms -sign -binary -noattr -in /var/www-pxe/00\:0c\:29\:41\1\a/loader.iso -signer server.crt -inkey server.key -outform DER -out /var/www-pxe/00\:0c\:29\:41\1\a/loader.sig
openssl cms -sign -binary -noattr -in /var/www-pxe/memdisk -signer server.crt -inkey server.key -outform DER -out /var/www-pxe/memdisk.sig
openssl cms -sign -binary -noattr -in /var/www-pxe/bootstrap.ipxe -signer server.crt -inkey server.key -outform DER -out /var/www-pxe/bootstrap.ipxe.sig

# CREATE CLIENT Certificate
openssl req -newkey rsa:2048 -keyout client.key -out client.req
openssl ca -config ca.cnf -in client.req -out client.crt

# REMOVE Passphrase
cp client.key client.key.org
openssl rsa -in client.key.org -out client.key

# MAKE undionly
make bin/undionly.kpxe EMBED=test.ipxe
make bin/undionly.kpxe EMBED=test.ipxe TRUST=server.crt CERT=client.crt PRIVKEY=client.key
************************************************

Here's my Apache Configuration:

************************************************
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www-pxe
SSLEngine on
SSLOptions +StrictRequire
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCACertificateFile /var/ipxe/src/client.crt
SSLCertificateFile /var/ipxe/src/server.crt
SSLCertificateKeyFile /var/ipxe/src/server.key
<Directory />
    SSLRequireSSL
    Options FollowSymlinks
    AllowOverride None

    SSLVerifyClient require
    SSLVerifyDepth 1
</Directory>
<Directory /var/www-pxe/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>
BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
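An added example, not part of the original post: a shell function that uses the openssl command line to check whether a client certificate validates against the file named in SSLCACertificateFile (the file mod_ssl uses to verify client certificates) and whether the private key belongs to that certificate. The function name `check_client_auth` and its argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for TLS client
# certificate authentication, run before involving Apache or iPXE.
#
# check_client_auth TRUSTFILE CLIENT_CERT CLIENT_KEY   (hypothetical helper)
#   TRUSTFILE    PEM file that SSLCACertificateFile points at
#   CLIENT_CERT  certificate the client presents (CERT= in the iPXE build)
#   CLIENT_KEY   its private key with the passphrase removed (PRIVKEY=)
# Returns 0 when every check passes, otherwise the number of failed checks.
check_client_auth() {
    trust=$1 cert=$2 key=$3 failed=0

    # 1. Chain and purpose: the certificate must chain to a CA in TRUSTFILE
    #    and be usable as an SSL client certificate. Match the "OK" line
    #    instead of trusting the exit status alone.
    if openssl verify -purpose sslclient -CAfile "$trust" "$cert" 2>&1 |
        grep -q ': OK$'; then
        echo "ok:   $cert verifies against $trust as an SSL client"
    else
        echo "FAIL: $cert does not verify against $trust as an SSL client"
        failed=$((failed + 1))
    fi

    # 2. Key pair: the public key in the certificate must equal the public
    #    half of the private key. "-passin pass:" makes a still-encrypted key
    #    fail immediately instead of prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok:   $key matches $cert"
    else
        echo "FAIL: $key does not match $cert (or is unreadable/encrypted)"
        failed=$((failed + 1))
    fi

    # 3. Context for the operator: who issued the client certificate and
    #    which certificate comes first in the trust file.
    echo "info: client certificate $(openssl x509 -in "$cert" -noout -issuer 2>/dev/null)"
    echo "info: trust file starts with $(openssl x509 -in "$trust" -noout -subject 2>/dev/null)"
    return "$failed"
}
```

With the file names from the steps above, a call looks like `check_client_auth ca.crt client.crt client.key`, with the first argument replaced by whatever path the virtual host gives to SSLCACertificateFile.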
Messages In This Thread
Can't get Client certificates to work - Viator - 2013-03-22, 18:42
RE: Can't get Client certificates to work - mcb30 - 2013-03-23, 22:02
RE: Can't get Client certificates to work - Viator - 2013-03-25, 09:56
RE: Can't get Client certificates to work - mcb30 - 2013-03-25, 11:57
RE: Can't get Client certificates to work - Viator - 2013-03-25, 13:20
RE: Can't get Client certificates to work - mcb30 - 2013-03-25, 13:50
RE: Can't get Client certificates to work - robinsmidsrod - 2013-03-28, 22:04
RE: Can't get Client certificates to work - Viator - 2013-03-29, 09:58
RE: Can't get Client certificates to work - robinsmidsrod - 2013-03-29, 17:19
RE: Can't get Client certificates to work - Viator - 2013-04-02, 14:43