Date: Tue, 30 Sep 2008 16:55:04 +1000 From: Fraser Tweedale <frase@frase.id.au> To: freebsd-questions@freebsd.org Subject: Re: [OT] Apache SSL certificate authentication Message-ID: <20080930065503.GA89763@bacardi.frase.id.au> In-Reply-To: <48E10999.9070005@cyberleo.net> References: <20080928040152.GA7159@bacardi.frase.id.au> <48E10999.9070005@cyberleo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Sep 29, 2008 at 12:00:09PM -0500, CyberLeo Kitsana wrote: > Fraser Tweedale wrote: > > - Create my CA key and a CSR, and have CACert sign it. >=20 > Are you sure it's signed as an intermediary CA? cacert.org's website > suggests they will only sign leaf certificates. > http://wiki.cacert.org/wiki/SubRoot >=20 > Fortunately, your client certs need not be signed by the same CA as your > server cert, and it's probably somewhat pointless to have a client cert > (which will be used for your infrastructure alone) vetted by a third part= y. >=20 > --=20 > Fuzzy love, > -CyberLeo > Technical Administrator > CyberLeo.Net Webhosting > http://www.CyberLeo.Net > <CyberLeo@CyberLeo.Net> >=20 > Furry Peace! - http://wwww.fur.com/peace/ > Thanks for the clarification. I hadn't picked up on the fact that you need a special intermediary cert for the server cert to validate up the chain. Well, nevermind. It's just for personal use anyway... if only X.509 could be simple like OpenPGP :) frase --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjhzUcACgkQPw/2FZbemTW+cwCfWJkAGb0Msurn7KdQdV9HkvHn P20AnAs6lRGWUXfX1KN84jmQlCVKAm9+ =AogY -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080930065503.GA89763>