[openssl-users] Self signed cert issue

Wouter Verhelst wouter.verhelst at fedict.be
Fri Sep 15 14:06:12 UTC 2017



On 15-09-17 15:58, Richard Olsen wrote:
> I missed putting in the email that I created all the certs as listed
> below. So I have the CA, Server and Client certs created. And tried to
> do the pfx file for authentication with a "Soft cert" where I'll have to
> configure later for a "hard cert" smartcard.

Okay, so what are you trying to do, then?

- If you're trying to do client-side authentication, then you need to
place your CA certificate in a file that you point to with
SSLCACertificateFile (see
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile
for the Apache 2.2 version of that configuration item). The Server
certificate can be any (and should probably be a public-trust one).
- If you're trying to authenticate your server against a private CA,
then you should import the private CA certificate into your browser
trust store. For Firefox, you do that by going to Preferences ->
Advanced -> View Certificates -> Authorities -> Import..., and then
pointing to the .crt file.

Note that while it is allowed, it is absolutely not necessary that your
server certificate and client certificate are from the same CA.

-- 
Wouter Verhelst
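
Added example, not part of the original message: a shell sketch of the two trust relationships described above, using two independent private CAs to show that the client certificate only has to chain to the CA file the server is given, not to the CA that issued the server certificate. All file names, subjects and the export password are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: every name, subject and password here is a placeholder.

make_ca() {        # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {     # $1 = CA prefix, $2 = leaf prefix, $3 = subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 30 -out "$2.crt" 2>/dev/null
}

make_pfx() {       # $1 = leaf prefix, $2 = CA prefix; bundles key + cert + CA
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" -certfile "$2.crt" \
        -passout pass:constructed-demo-only -out "$1.pfx"
}

chains_to() {      # $1 = CA certificate file, $2 = leaf certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

workdir=$(mktemp -d) && cd "$workdir" || exit 1

make_ca server-ca "Constructed Server CA"
make_ca client-ca "Constructed Client CA"
issue_cert server-ca server "www.example.test"   # a real server cert also needs a subjectAltName
issue_cert client-ca client "constructed-user"
make_pfx client client-ca                        # the "soft cert" to import into the browser

# client-ca.crt is the file SSLCACertificateFile would point to.
chains_to client-ca.crt client.crt && echo "client cert: accepted against client CA"
chains_to server-ca.crt client.crt || echo "client cert: rejected against server CA"
# server-ca.crt is the file to import as an Authority in the browser.
chains_to server-ca.crt server.crt && echo "server cert: accepted against server CA"
```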

