SSL - can you insite on having certificate?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
If you connect to an SSL secure site that does not have a certificate
from one of the big CAs, or the certificate has expired, you get asked
if you will accept the certificate or not.

I implemented an SSL site at /

which is for private use, so such messages are not an issue.

However, is it possible to configure the site such that unless you have
already have a certificate on your machine, you are unable to connect?
i.e the user has no choice to accept it or not - they either have it, or
they can't connect?

I don't think this is possible, but if it is, please let me know how.
The server runs Apache 2.x.

Dave K /

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)

Re: SSL - can you insite on having certificate?


Quoted text here. Click to load it

Could you use the mod_ssl "SSLRequireSSL" and "SSLVerifyClient
require" directives together with SSL/TLS client certificates you
generate, sign & issue? I haven't tried this myself, but
< might be a good
place to start.

From: address is a spamtrap, Reply-To: is valid.
GnuPG/PGP: 7DA3 1579 C0DD 8748 C05A  B984 E2A2 3234 D14B 6DD7

Site Timeline