From users-return-113041-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org  Thu Feb 25 11:59:08 2016
Return-Path: <users-return-113041-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-users-archive@www.apache.org
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 5010D18882
	for <apmail-httpd-users-archive@www.apache.org>; Thu, 25 Feb 2016 11:59:08 +0000 (UTC)
Received: (qmail 52238 invoked by uid 500); 25 Feb 2016 11:58:49 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 52200 invoked by uid 500); 25 Feb 2016 11:58:49 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 52190 invoked by uid 99); 25 Feb 2016 11:58:49 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Feb 2016 11:58:49 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 0EC5AC0476
	for <users@httpd.apache.org>; Thu, 25 Feb 2016 11:58:49 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.179
X-Spam-Level: *
X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id YbvO665YebKh for <users@httpd.apache.org>;
	Thu, 25 Feb 2016 11:58:48 +0000 (UTC)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [209.85.214.169])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 828075F1E3
	for <users@httpd.apache.org>; Thu, 25 Feb 2016 11:58:47 +0000 (UTC)
Received: by mail-ob0-f169.google.com with SMTP id dm2so45769252obb.2
        for <users@httpd.apache.org>; Thu, 25 Feb 2016 03:58:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=7syH2S+8PASEU0rIyzY0AxslvJPAqXah74ypEWeAGVI=;
        b=OWnABsyQLCGZTNW2EGB7cXrjhL5pzhZo+yG4wzbMYv5i1GeUB/YuVG21b53E2Ds4oO
         L5RkARGM5t6+JoFTX5ilHH0r61Vqg9KvCtLGe5aDUVQ67rvCBxr+XnY8iYvJUqUL6VNg
         RvHhFDs6Txz6W3OR3MPchAenyRR8CEXMbHPPmgZ1BBj5hbEdOM2d2bIlJQF1e4qu6qhv
         adk8QdkJwAQ7tvWnI4mL+9+W2ITLgaYC69Yxmf1K6vR3VPaNrpYZH8vOlLNSL3gX1fab
         K5Md+4QTXGMcKxq66iEM8xkynvMHe7IbCNvOGhRARmZVLqGWoh5nH9nGzPoB3Rkb5PzG
         +17g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:date:message-id:subject:from:to
         :content-type;
        bh=7syH2S+8PASEU0rIyzY0AxslvJPAqXah74ypEWeAGVI=;
        b=QwQTYeRQiQlRpMEjU9sF/HMlbVhA1RM+z2a8fO/7v5aNgEeC4aXb+JYbw9DnDGRtWh
         AU1LlDa93UCucM5ZGgbjb/a3yBpeFKA6bPR2nM5SEWn5/X/AtxMsrmTTaH/SP/LRdt6n
         BuH3+bEISEQNk3nCfb2trFDXm6rtkNZgZr1qNLF2dDgF5cpqfAn3BrbvE5mpM4vW3NL/
         quwcbxh6+vhXEZXeRdGecxhRibQ1FNbko+/98f/xswRwD5u1QfQKoflwxipXc+leg3LW
         Hpn8wH8nyFeCDVQQd3jlYDBdJTsChccasdIC3HAS+HF52+dgDnJPhYSYc3ot5gSRHgvd
         NUmQ==
X-Gm-Message-State: AG10YORsmvEjRJCFzm48hEQ6V36LlVBQV9292PSTzTSuEdUb2RkyfOT0gAezcWmRudqMs2RmsdQ/StheIqHHag==
MIME-Version: 1.0
X-Received: by 10.60.57.193 with SMTP id k1mr36075128oeq.66.1456401526442;
 Thu, 25 Feb 2016 03:58:46 -0800 (PST)
Received: by 10.157.4.53 with HTTP; Thu, 25 Feb 2016 03:58:46 -0800 (PST)
Date: Thu, 25 Feb 2016 05:58:46 -0600
Message-ID: <CAFMGiz8ozR5vjrfY=SPVnYdxxZurJm_RNkHi1vvckOnqMvSZzg@mail.gmail.com>
From: Tom Browder <tom.browder@gmail.com>
To: users@httpd.apache.org
Content-Type: multipart/alternative; boundary=089e013a02d4a25442052c96e7a7
Subject: [users@httpd] Is it possible to use two different client cert sets?

--089e013a02d4a25442052c96e7a7
Content-Type: text/plain; charset=UTF-8

I have a working system of client certs (which were signed using
SHA1) allowing access to a private area on a website. As we all know, soon
such certs will be a thing of the past since SHA2 will be required.

I have started generating the certs with SHA2, but want to know if can I
use both systems on the same site while I get my users to transition to
their new certs.

Thanks a heap!

Best regards,

-Tom

--089e013a02d4a25442052c96e7a7
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I have a working system of client certs (which were signed using SHA1)=C2=
=A0allowing access to a private area on a website. As we all know, soon suc=
h certs will be a thing of the past since SHA2 will be required.<div><br></=
div><div>I have=C2=A0started generating the certs with SHA2,=C2=A0but=C2=A0=
want to know if=C2=A0can I use both systems on the same site while I get my=
 users to transition to their new certs.</div><div><br></div><div>Thanks a =
heap!</div><div><br></div><div>Best regards,</div><div><br></div><div>-Tom<=
/div>

--089e013a02d4a25442052c96e7a7--