Sounds like your trying to use the thawte apache cert to sign your client certs? The thawte cert won't have the right attributes to sign a client cert and then try to use it.
You could use your CA for client certs and Thawte for the server cert.
Regards
Matt
----- Original Message ----
From: Jan Stian Gabrielli <
stian@...>
To:
modssl-users@...
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a "third"
party where one does not have access to their root ca key ?.
Ie.
I have generated a : apache_server.key made a apache_server.csr and sent
this for signing by thawte.com
Recived a apache_server.crt
Created a client.key and a client.csr
Signed it with my apache_server.key and apache_server.crt
Converted the client.key,crt to a pkcs12 file and imported this into my
browser but i can not make things work.
SSL works fine on the server on pages that does not require SSL client auth.
A I stated earlier, IT works when I create and self sign a CA, but I cant
make it work when I use a 3rd party CA and only have apache_server.key,
apache_server.crt , thawte root cert.
Best regards
Wizkidnono
–œ…â'µêßiÇ ê^�$‹š‡l²\0Âj²Éh®,z´®¦š+´Æ¢–)à.+-š‡l²[¬z»&¡Û,–Šàëh™«^t¸¬´Æ§j«™¨èÚ&¢j²Éh®
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
modssl-users@...
Automated List Manager
majordomo@...
