Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- SSL - can you insite on having certificate?
January 9, 2006, 2:47 pm
rate this thread
from one of the big CAs, or the certificate has expired, you get asked
if you will accept the certificate or not.
I implemented an SSL site at
which is for private use, so such messages are not an issue.
However, is it possible to configure the site such that unless you have
already have a certificate on your machine, you are unable to connect?
i.e the user has no choice to accept it or not - they either have it, or
they can't connect?
I don't think this is possible, but if it is, please let me know how.
The server runs Apache 2.x.
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)
Re: SSL - can you insite on having certificate?
Could you use the mod_ssl "SSLRequireSSL" and "SSLVerifyClient
require" directives together with SSL/TLS client certificates you
generate, sign & issue? I haven't tried this myself, but
<http://httpd.apache.org/docs/2.0/mod/mod_ssl.html might be a good
place to start.
From: address is a spamtrap, Reply-To: is valid.
GnuPG/PGP: 7DA3 1579 C0DD 8748 C05A B984 E2A2 3234 D14B 6DD7