Sounds like you're trying to use the Thawte Apache cert to sign your client certs? The Thawte cert won't have the right attributes to sign a client cert and then try to use it.

You could use your CA for client certs and Thawte for the server cert.

Regards
Matt



----- Original Message ----
From: Jan Stian Gabrielli
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?

I am trying to set up Apache with mod_ssl, and I have it working with a
self-signed CA.
But I cannot get it to work with a cert created by thawte.com.

Does anyone know if it is possible to do this with a crt signed by a "third"
party where one does not have access to their root CA key?

I.e.

I have generated an apache_server.key, made an apache_server.csr and sent
this for signing by thawte.com.
Received an apache_server.crt.

Created a client.key and a client.csr
Signed it with my apache_server.key and apache_server.crt

Converted the client.key, crt to a pkcs12 file and imported this into my
browser but I cannot make things work.

SSL works fine on the server on pages that do not require SSL client auth.

As I stated earlier, it works when I create and self-sign a CA, but I can't
make it work when I use a 3rd party CA and only have apache_server.key,
apache_server.crt, thawte root cert.

Best regards

Wizkidnono



__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
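
The situation in this thread can be reproduced offline with the following added example, which is not part of the original messages. It assumes OpenSSL 1.1.1 or later on the PATH; all names, subjects and files are constructed, and the constructed `server.crt` stands in for the third-party-issued `apache_server.crt`, issued with `CA:FALSE` on the assumption that this is the missing attribute the reply refers to.

```shell
#!/bin/sh
# Added example; every name, subject and file here is constructed.
write_cnf() {  # minimal config: one CA profile, one end-entity profile
cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}
new_csr() {  # new_csr DIR NAME -> NAME.key and NAME.csr
  openssl req -config "$1/o.cnf" -new -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -subj "/CN=$2.example" -out "$1/$2.csr" 2>/dev/null
}
issue() {  # issue DIR SIGNER CSR OUT SERIAL -> end-entity cert OUT.crt
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -set_serial "$5" -days 2 -extfile "$1/o.cnf" -extensions v3_leaf \
    -out "$1/$4.crt" 2>/dev/null
}
build_demo() {  # build_demo DIR (an empty directory)
  write_cnf "$1/o.cnf"
  # Own CA: self-signed, CA:TRUE, allowed to sign certificates.
  openssl req -config "$1/o.cnf" -x509 -new -newkey rsa:2048 -nodes \
    -keyout "$1/ca.key" -subj "/CN=Own Test CA" -extensions v3_ca \
    -days 2 -out "$1/ca.crt" 2>/dev/null
  # Server cert: stands in for the third-party-issued apache_server.crt.
  new_csr "$1" server && issue "$1" ca server server 1
  # Same client request signed twice: by the server cert, then by the CA.
  new_csr "$1" client && issue "$1" server client client_bad 2 &&
    issue "$1" ca client client_ok 3
}
# True only if the certificate is marked as a CA.
can_sign() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }
# chain_ok ROOT INTERMEDIATE CERT: does CERT verify up to ROOT?
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; }
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && build_demo "$d"
  for c in client_bad client_ok; do
    chain_ok "$d/ca.crt" "$d/server.crt" "$d/$c.crt" && r=accepted || r=rejected
    echo "$c.crt: $r"
  done
fi
```

Run with the argument `demo` to see the client certificate signed by the server certificate rejected and the one signed by the CA accepted. In mod_ssl terms, the reply's suggestion corresponds to keeping the third-party certificate in `SSLCertificateFile` and pointing `SSLCACertificateFile` at your own CA for `SSLVerifyClient require`.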