[users@httpd] Websockets behind Apache and Nginx proxy, Connection and Upgrade headers not present

2015-08-23 Thread Nikolay Yakubitskiy
I have a problem. Apache listens on a white IP and proxies all requests /ssd to nginx, which proxies requests /city-dashboard to another server with websockets. Apache default.conf: ProxyRequests On ProxyPreserveHost On ProxyPass "https://127.0.0.1:443"; ProxyPassReverse "https://127.0.0.

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
Ok. -- Original Message -- From: "Marat Khalili" To: users@httpd.apache.org Sent: 8/23/2015 8:16:06 PM Subject: Re: [users@httpd] SSL - How client certificates are verified? In this case, could you please post the results when you get the SSLOCSPEnable fixed? I'm particularly intereste

Re: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Marat Khalili
In this case, could you please post the results when you get the SSLOCSPEnable fixed? I'm particularly interested in performance. -- With Best Regards, Marat Khalili On 23/08/2015 19:57, Sterpu Victor wrote: There are 4 CAs, at least 1 uses OCSP (only 1 I called). I hope all of them use OCSP,

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
There are 4 CAs, at least 1 uses OCSP (only 1 I called). I hope all of them use OCSP, I don't know the legislation but it seems normal to be required by law. -- Original Message -- From: "Marat Khalili" To: users@httpd.apache.org Sent: 8/23/2015 7:51:14 PM Subject: Re: [users@httpd] SSL -

Re: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Marat Khalili
Oh, I see. In this case you will have to check the status of their certificates. Still, I suspect all of the tokens are issued by one CA. Probably it is better to ask this CA for their procedures: do they use OCSP or just publish CRLs. -- With Best Regards, Marat Khalili On 23/08/2015 19:41,

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
All clients already have PKCS11 tokens. It would be too complicated for them to get used to something else. -- Original Message -- From: "Marat Khalili" To: users@httpd.apache.org Sent: 8/23/2015 7:34:07 PM Subject: Re: [users@httpd] SSL - How client certificates are verified? I see.

Re: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Marat Khalili
I see. However, accepting client certificates from the world recognized authorities is both more expensive (for clients) and more risky than running your own CA (recognized only by your server). If you personally know all your clients it is easier to issue them certificates directly, and revok

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
I want to make a page that will authenticate only with PKCS11 tokens. These tokens contain only certificates from a recognized authority. OCSP would be useful if the token has been declared lost or stolen. But I don't want to make things too complicated. -- Original Message -- From: "Ma

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
I want to make a page that will authenticate only with PKCS11 tokens. These tokens contain only certificates from a recognized authority. OCSP would be useful if the token has been declared lost or stolen. But I don't want to make things too complicated. -- Original Message -- From: "Mar

Re: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Marat Khalili
Hello, what is your scenario? If you issue (sign) client certificates yourself, Apache can correctly verify it against local CRL (certificate revocation list) file (server restart may be required after file update). There's information in the net concerning OCSP support for client authenticatio

Re: [users@httpd] Re: CGI environment variables different between 2.2 and 2.4?

2015-08-23 Thread Tom Browder
On Aug 22, 2015 8:57 PM, "Kurtis Rader" wrote: > On Sat, Aug 22, 2015 at 1:15 PM, Tom Browder wrote: >> Sorry for the confusion, Kurt, but I appreciate your look and >> analysis. Shall I file the bug, or would it be better coming from >> you. ... > You should open the issue since I have no speci

Re: Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Mohanavelu Subramanian
Yes, you are right about client certificate verification with CA. I am not sure about OCSP verification. On Sun, Aug 23, 2015 at 1:21 PM, Sterpu Victor wrote: > I'm not sure I got this right, this is what I was thinking: > - client sends his certificate, with the public key included; the > certi

Re[2]: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Sterpu Victor
I'm not sure I got this right, this is what I was thinking: - client sends his certificate, with the public key included; the certificate contains a signature of the client certificate made with the private key of the CA; - apache server has the public key of the CA and can check the signature of

Re: [users@httpd] Apache Web Server rpm(2.2.x) for Linux OS to support TLSv1.2

2015-08-23 Thread Mohanavelu Subramanian
Hi Jeff, Thanks a lot and I try to compile as per the link. Regards, Mohan On Sun, Aug 23, 2015 at 11:33 AM, jeffmonte101 . wrote: > Hey Mohan, > > You may want to take a look into this link. > > > http://blog.ivanristic.com/2013/08/compiling-apache-with-static-openssl.html > > The above link

Re: [users@httpd] SSL - How client certificates are verified?

2015-08-23 Thread Mohanavelu Subramanian
Hi, With the option "SSLVerifyClient require", server mandates the client to send its certificate for authentication. Then the server verifies this client certificate against the CA certificate file configured in Apache. If the client certificate has been signed by a valid CA, then the authentica