httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <>
Subject Re: [users@httpd] What verification does Apache do as part of SSLVerifyClient?
Date Sun, 09 Sep 2012 14:21:38 GMT
On Sun, Sep 9, 2012 at 8:59 AM, Pete Houston <> wrote:
> On Sun, Sep 09, 2012 at 08:36:30AM -0500, Tom Browder wrote:
>> So the client cert. does contain the private key?   Then its password
>> is all that is protecting it?
> No, the key is normally (but not always) kept separately.

So, if I generate the certs, I need to make sure I keep the key separate, too.

Note that I have intermediate agents who certifiy the emails (IDs) of
the recipients, plus I plan to have another authentication scheme
after the SSL cert (Persona).

Thanks, Pete.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message