One dev wrote:
> El vie, 11-04-2008 a las 17:01 +0300, Deceased escribió:
>> Hi,
>>
>> I'm using apache and pkcs12 certs to for auth., but I cannot make web
>> browser to ask pass phrase every time I connect to it, only for import
>> pass on cert install. I'm using firefox.
>> Is there any way to make pkcs12 certs that require pass phrase for auth,
>> or any other cert file that works with firefox.

> Server asking for certificate:
> Client cert only need "open" crypto store of browser with pass phrase.
> If you want that server ask for client certificate you need set this
> flag in server configuration, host or virtual host, ssl.conf
>
> Browser asking a pass phrase:
> If you want that firefox ask for key of crypto store, you can close the
> browser. You can adjust firefox configuration to enable the request of
> pass phrase to access store of certificates.
>
>> Thank You in advance.
>>
>> here's how whole thing was done :
>>
>> *Create the Certificate Authority (CA)*
>>
>> openssl genrsa -out ca.key 1024
>> openssl req -new -key ca.key -out ca.csr
>> openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
>>
>> *Have the Client Request a Certificate*
>>
>> openssl genrsa -out client.key 1024
>> openssl req -new -key client.key -out client.csr -config openssl.cnf
>>
>> *Have the Authority Sign the Certificate*
>>
>> openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in
>> client.csr -out client.crt
>>
>> *Import the Client Certificate*
>>
>> openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out
>> client.p12
>> __________________________________________________ ____________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majordomo@openssl.org


Ok, thanks for reply, although thats not what i need.
I'll have to find another way.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org