httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <>
Subject Re: [users@httpd] Apache 2.2.3 and PKI Token certificate Authentication
Date Wed, 03 Nov 2010 16:45:10 GMT

On Nov 3, 2010, at 9:31 AM, Saravanan Kannan wrote:

> We need some guidance (or) installation steps on how to implement the PKI token certificates
with Apache Web Server 2.2.3 for authentication purposes. Currently our production environment
uses the iPlanet 6.1 webserver and Weblogic 10.0 as the application layer. The iPlanet 6.1
webserver will be migrated to Apache 2.2.3 and the PKI Token certificate will be configured
for the authentication. We currently do not have expertise in our group in how to configure
the Apache 2.2.3 webserver with the PKI token certification for authentication. Any reference
materials or steps invovled in configuring the PKI Token certificate for authentication will
be helpful.

Apache comes with mod_ssl, which runs on top of OpenSSL.  OpenSSL uses PEM-encoded key and
certificate files: it does not have the concept of a Token like iPlanet does.  

You need to export the key, certificate and certificate chain from the Token into PEM files
for use by Apache.  

There is a module called mod_nss which uses the Netscape Security Library, the same crypto
back-end used by iPlanet.  This should allow you to use the same Token that you currently
use.  It was created by Red Hat, so I don't know if it's available on SuSE.  I have not tried

> OS = Linux ( SLES 10 MP2)
> Apache Version = 2.2.3

Are you using Apache 2.2.3 as it came with your operating system?  If you downloaded and installed
it yourself, keep in mind that 2.2.3 is quite old and we have released new versions since.
 If you got it from SuSE, they will update it for you.


Sander Temme
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message