SSL mutual authentication client certificate creation using Keytool

--001517473622747ca90480f9c7d7
Content-Type: text/plain; charset=ISO-8859-1

Hi All,

I have an application connecting to the secure Apache URL, I have generated
OpenSSL certificates and used it as CA and servercert, also generated client
certificate using hte below documentation.

http://www.impetus.us/~rjmooney/projects/misc/clientcertauth .html

However my client application ( another Java application) will connect to
this Apache instance needs a client certificate for authentication. Now that
I can use Keytool and import the Apache's client certificate and create a
Keystore.

However how to proceed further, how my Apache will understand the client's
certificates and allow the client app to connect and process the requests ?

Please advice.

Arun J

--001517473622747ca90480f9c7d7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi All,<br><br>I have an application connecting to the secure Apache URL, I=
have generated OpenSSL certificates and used it as CA and servercert, also=
generated client certificate using hte below documentation.<br><br><a href=
=3D"http://www.impetus.us/~rjmooney/projects/misc/clientcert auth.html">http=
://www.impetus.us/~rjmooney/projects/misc/clientcertauth.htm l</a><br>
<br>However my client application ( another Java application) will connect =
to this Apache instance needs a client certificate for authentication. Now =
that I can use Keytool and import the Apache's client certificate and c=
reate a Keystore. <br>
<br>However how to proceed further, how my Apache will understand the clien=
t's certificates and allow the client app to connect and process the re=
quests ?<br><br>Please advice.<br><br>Arun J<br>

--001517473622747ca90480f9c7d7--
Arunkumar Janarthanan [ Do, 04 März 2010 14:43 ] [ ID #2034040 ]

Re: SSL mutual authentication client certificate creation using

--000e0ce075dceaf4c804810e53f0
Content-Type: text/plain; charset=ISO-8859-1

Could anyone please advice with this ?

On Thu, Mar 4, 2010 at 8:43 AM, Arunkumar Janarthanan <
arunkumar.webadmin [at] gmail.com> wrote:

> Hi All,
>
> I have an application connecting to the secure Apache URL, I have generated
> OpenSSL certificates and used it as CA and servercert, also generated client
> certificate using hte below documentation.
>
> http://www.impetus.us/~rjmooney/projects/misc/clientcertauth .html<http://www.impetus.us/%7Erjmooney/projects/misc/clientcertauth.html>
>
> However my client application ( another Java application) will connect to
> this Apache instance needs a client certificate for authentication. Now that
> I can use Keytool and import the Apache's client certificate and create a
> Keystore.
>
> However how to proceed further, how my Apache will understand the client's
> certificates and allow the client app to connect and process the requests ?
>
> Please advice.
>
> Arun J
>

--000e0ce075dceaf4c804810e53f0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Could anyone please advice with this ?<br><br><div class=3D"gmail_quote">On=
Thu, Mar 4, 2010 at 8:43 AM, Arunkumar Janarthanan <span dir=3D"ltr"><<=
a href=3D"mailto:arunkumar.webadmin [at] gmail.com">arunkumar.webad min [at] gmail.com=
</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi All,<br><br>I =
have an application connecting to the secure Apache URL, I have generated O=
penSSL certificates and used it as CA and servercert, also generated client=
certificate using hte below documentation.<br>
<br><a href=3D"http://www.impetus.us/%7Erjmooney/projects/misc/clientcertau=
th.html" target=3D"_blank">http://www.impetus.us/~rjmooney/projects/m isc/cl=
ientcertauth.html</a><br>
<br>However my client application ( another Java application) will connect =
to this Apache instance needs a client certificate for authentication. Now =
that I can use Keytool and import the Apache's client certificate and c=
reate a Keystore. <br>

<br>However how to proceed further, how my Apache will understand the clien=
t's certificates and allow the client app to connect and process the re=
quests ?<br><br>Please advice.<br><br>Arun J<br>
</blockquote></div><br>

--000e0ce075dceaf4c804810e53f0--
Arunkumar Janarthanan [ Fr, 05 März 2010 15:14 ] [ ID #2034119 ]

Re: Re: SSL mutual authentication client certificate

On Fri, Mar 5, 2010 at 9:14 AM, Arunkumar Janarthanan
<arunkumar.webadmin [at] gmail.com> wrote:
> Could anyone please advice with this ?

Configure Apache to request a certificate from the client:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyc lient

Configure Apache to trust the issuer of your clients certificate:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacerti ficatefile

--
Eric Covener
covener [at] gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org
Eric Covener [ Fr, 05 März 2010 15:23 ] [ ID #2034121 ]

Re: Re: SSL mutual authentication client certificate

--001517478ae484860004814cd36d
Content-Type: text/plain; charset=ISO-8859-1

Thanks Eric, my client for the Apache is another Java application. So I used
keytool and generated trustore importing OpenSSL generated CA certificate.

Now that I have used export option to generate a certificate from Keytool,
How could I use this ceritificate now on Apache to authenticate the requests
from my client application ?

http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.htm l

Please advice.

On Fri, Mar 5, 2010 at 9:23 AM, Eric Covener <covener [at] gmail.com> wrote:

> On Fri, Mar 5, 2010 at 9:14 AM, Arunkumar Janarthanan
> <arunkumar.webadmin [at] gmail.com> wrote:
> > Could anyone please advice with this ?
>
> Configure Apache to request a certificate from the client:
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyc lient
>
> Configure Apache to trust the issuer of your clients certificate:
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacerti ficatefile
>
> --
> Eric Covener
> covener [at] gmail.com
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
> " from the digest: users-digest-unsubscribe [at] httpd.apache.org
> For additional commands, e-mail: users-help [at] httpd.apache.org
>
>

--001517478ae484860004814cd36d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thanks Eric, my client for the Apache is another Java application. So I use=
d keytool and generated trustore importing OpenSSL generated CA certificate=
..<br><br>Now that I have used export option to generate a certificate from =
Keytool, How could I use this ceritificate now on Apache to authenticate th=
e requests from my client application ?<br>
<br><a href=3D"http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.htm=
l">http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool. html</a><br><br=
>Please advice.<br><br><div class=3D"gmail_quote">On Fri, Mar 5, 2010 at 9:=
23 AM, Eric Covener <span dir=3D"ltr"><<a href=3D"mailto:covener [at] gmail.c=
om">covener [at] gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Fri, Mar 5, 20=
10 at 9:14 AM, Arunkumar Janarthanan<br>
<div class=3D"im"><<a href=3D"mailto:arunkumar.webadmin [at] gmail.com">arunk=
umar.webadmin [at] gmail.com</a>> wrote:<br>
</div><div class=3D"im">> Could anyone please advice with this ?<br>
<br>
</div>Configure Apache to request a certificate from the client:<br>
<br>
<a href=3D"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclien=
t" target=3D"_blank">http://httpd.apache.org/docs/2.2/mod/mod_s sl.html#sslv=
erifyclient</a><br>
<br>
Configure Apache to trust the issuer of your clients certificate:<br>
<br>
<a href=3D"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertifica=
tefile" target=3D"_blank">http://httpd.apache.org/docs/2.2/mod/mod_s sl.html=
#sslcacertificatefile</a><br>
<div class=3D"im"><br>
--<br>
Eric Covener<br>
<a href=3D"mailto:covener [at] gmail.com">covener [at] gmail.com</a><br>
<br>
------------------------------------------------------------ ---------<br>
</div><div><div></div><div class=3D"h5">The official User-To-User support f=
orum of the Apache HTTP Server Project.<br>
See <URL:<a href=3D"http://httpd.apache.org/userslist.html" target=3D"_b=
lank">http://httpd.apache.org/userslist.html</a>> for more info.<br>
To unsubscribe, e-mail: <a href=3D"mailto:users-unsubscribe [at] httpd.apache.or=
g">users-unsubscribe [at] httpd.apache.org</a><br>
=A0 " =A0 from the digest: <a href=3D"mailto:users-digest-unsubscribe=
[at] httpd.apache.org">users-digest-unsubscribe [at] httpd.apache.org</a><br>
For additional commands, e-mail: <a href=3D"mailto:users-help [at] httpd.apache.=
org">users-help [at] httpd.apache.org</a><br>
<br>
</div></div></blockquote></div><br>

--001517478ae484860004814cd36d--
Arunkumar Janarthanan [ Mo, 08 März 2010 17:47 ] [ ID #2034319 ]
Webserver » gmane.comp.apache.user » SSL mutual authentication client certificate creation using Keytool

Vorheriges Thema: Redirect a complex URL to another one, either in httpd.conf or with
Nächstes Thema: Problems Building Apache Flood

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum