This is a discussion on Re: using apache and pkcs12 for auth, pass phrase needed - Openssl
One dev wrote:
> On Fri, 11-04-2008 at 17:01 +0300, Deceased wrote:
>> I'm using apache and pkcs12 certs for auth, but I cannot make the web
>> browser ask for the pass phrase every time I connect to it, only for the import
>> pass on cert install. I'm using firefox.
>> Is there any way to make pkcs12 certs that require a pass phrase for auth,
>> or any other cert file that works with firefox?
> Server asking for certificate:
> Client cert only needs to "open" the crypto store of the browser with the pass phrase.
> If you want the server to ask for a client certificate, you need to set this
> flag in the server configuration, host or virtual host, ssl.conf
> Browser asking a pass phrase:
> If you want firefox to ask for the key of the crypto store, you can close the
> browser. You can adjust the firefox configuration to enable the request of
> the pass phrase to access the store of certificates.
>> Thank you in advance.
>> Here's how the whole thing was done:
>> *Create the Certificate Authority (CA)*
>> openssl genrsa -out ca.key 1024
>> openssl req -new -key ca.key -out ca.csr
>> openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
>> *Have the Client Request a Certificate*
>> openssl genrsa -out client.key 1024
>> openssl req -new -key client.key -out client.csr -config openssl.cnf
>> *Have the Authority Sign the Certificate*
>> openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in
>> client.csr -out client.crt
>> *Import the Client Certificate*
>> openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out
>> __________________________________________________ ____________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List email@example.com
>> Automated List Manager firstname.lastname@example.org
Ok, thanks for the reply, although that's not what I need.
I'll have to find another way.
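The behaviour discussed in this thread, as an added example that is not part of the original posts: the PKCS#12 export password protects the bundle file only, so once the bundle has been opened the key's protection depends on whatever store it lands in. The 2048-bit keys, the subject names, the password and the `client.p12` output name are assumptions made for the demo (the thread's export command is cut off before its output file name).

```shell
#!/bin/sh
# Added demo: throwaway CA + client cert, exported to a password-protected
# PKCS#12 bundle. All names and passwords are constructed sample values.

P12_PASS='constructed-export-pass'

# Create the CA, the client key/cert and client.p12 inside directory $1.
make_p12() {
    (
        cd "$1" || exit 1
        # Self-signed demo CA (2048-bit key is an assumption of this demo).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj '/CN=Demo CA' -keyout ca.key -out ca.crt || exit 1
        # Client key and certificate request.
        openssl req -new -newkey rsa:2048 -nodes \
            -subj '/CN=demo-client' -keyout client.key -out client.csr || exit 1
        # The CA signs the client request.
        openssl x509 -req -days 1 -CA ca.crt -CAkey ca.key -CAcreateserial \
            -in client.csr -out client.crt || exit 1
        # Bundle cert + key; the password encrypts this file only.
        openssl pkcs12 -export -clcerts -in client.crt -inkey client.key \
            -out client.p12 -passout "pass:$P12_PASS" || exit 1
    ) >/dev/null 2>&1
}

# Print "opens" if password $2 unlocks bundle $1, otherwise "rejected".
p12_try() {
    if openssl pkcs12 -in "$1" -noout -passin "pass:$2" >/dev/null 2>&1; then
        echo opens
    else
        echo rejected
    fi
}

# Print "plaintext" if the key comes out of bundle $1 unencrypted once the
# export password has been supplied (what an importing application receives).
key_after_open() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$P12_PASS" \
        2>/dev/null | grep -q 'BEGIN PRIVATE KEY' \
        && echo plaintext || echo protected
}

demo_dir=$(mktemp -d)
make_p12 "$demo_dir"
echo "correct password: $(p12_try "$demo_dir/client.p12" "$P12_PASS")"
echo "wrong password:   $(p12_try "$demo_dir/client.p12" 'not-the-pass')"
echo "key after open:   $(key_after_open "$demo_dir/client.p12")"
```

Whether a pass phrase is requested again on later use is decided by the application that stores the imported key, not by the `.p12` file.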