https://bugs.kde.org/show_bug.cgi?id=131083
--- Comment #5 from Bernd Paysan <bernd paysan gmx de> 2011-09-15 13:28:21 --- Ok, the "type of widget" is fairly easy: The SSL certificate management in KDE 4 now has only one tab, for CAs (certificate authorities). It needs another tab for the user's client certificates (e.g. title "your certificates"). The other functionality, viewing, activating/deactivating, deleting, importing is the same as for CAs. A user may have several different client certificates (e.g. one signed by his company for SSL access to the company intranet, and another one from CACert for accessing www.cacert.org). Client certificates differ from CA certificates significantly, as they contain a private key and are protected by a passphrase. There probably needs to be a third tab, which contains the list of client certificates remembered for each server, to manage that. The next thing to do is to add client certificate in the KDE SSL layer - the server will sent a client request, and the SSL layer should present the user the list of active client certificates to select one - with a "remember for this server" option, and an input field for the certificate's pass phrase (store that in kwallet when the user wants to). How to test? For kmail, set up a dovecot IMAP server, and set ssl_ca_file = /etc/dovecot/<your-ca>.pem ssl_verify_client_cert = yes in dovecot.conf. <your-ca> in this case can be a self-signed certificate, which you also use to generate your client certificate. For konqueror, enable client certificate validation in a test web server. For lighty, use ssl.verifyclient.activate = "enable" in the SSL configuration setup, for Apache SSLVerifyClient require SSLVerifyDepth 2 There are a number of client certificate SSL howtos on the net, just google for them, and try those things with Firefox, Chrome, and Konqueror. -- Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list [email protected] https://mail.kde.org/mailman/listinfo/kdepim-bugs
