[mod_gnutls-devel] Certificate-based authentication
marc.ende at ymail.com
Wed May 7 07:48:40 CEST 2014
I've missed the relevant information:
All standard installs from Ubuntu 12.04.4 LTS
> On one of my servers I use certificate-based authentication. Everything
> works great except for one simple thing:
> * If I log in with a certificate which is signed by the CA mentioned in
> GnuTLSClientCAFile the access is granted as expected.
> * If I log in with a certificate which is NOT signed by the CA mentioned in
> GnuTLSClientCAFile the access is also granted (not expected).
> The second one was signed by the CA which has signed the certificate of the
> webserver itself. I haven't tested this with a certificate which was signed
> by someone else. But also in this case I wouldn't be happy with the fact
> that everyone with a signed certificate of this (webserver-)CA has access.
> Maybe I've got an issue in my configuration...
> My configuration:
> GnuTLSEnable on
> GnuTLSExportCertificates on
> GnuTLSPriorities SECURE256:-CIPHER-ALL:+COMP-DEFLATE:-MAC-ALL:-MD5:-
> - CBC:+VERS-TLS1.2:+VERS-TLS1.1:+SHA512:+SHA384:+SHA256:+SHA1:+VERS-TLS1.0:
> GnuTLSCertificateFile /etc/apache2/ssl/webserver.cert <-Webserver-CA
> GnuTLSKeyFile /etc/apache2/ssl/webserver.key
> GnuTLSClientVerify require
> GnuTLSClientCAFile /etc/apache2/ssl/site.ca.asc <-ClientCA
> Thanks for your help
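
An added example, not part of the original post and not mod_gnutls code: one way to check offline what a CA file on its own would admit, so that a problem in the file given to GnuTLSClientCAFile can be told apart from a problem in the server. It uses openssl on constructed throwaway CAs; the names client-ca, webserver-ca, alice, outsider and bundle.pem are hypothetical, and a default openssl.cnf is assumed.

```shell
#!/bin/sh
# Added example. All CAs, keys and certificates are constructed throwaway
# test material in a temp dir; names (client-ca, alice, ...) are hypothetical.

make_ca() {   # make_ca NAME -> NAME.key, NAME.crt (self-signed CA)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_client() {   # issue_client CA NAME -> NAME.crt signed by CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# verdict CAFILE CERT: prints accept/reject using only the CAs in CAFILE.
# -no-CApath keeps the system trust directory out of the decision.
verdict() {
  if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

ca_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }   # certs in a CA file

demo() {
  d=$(mktemp -d) || return 2
  (
    cd "$d" || exit 2
    make_ca client-ca && make_ca webserver-ca || exit 2
    issue_client client-ca alice || exit 2          # signed by the client CA
    issue_client webserver-ca outsider || exit 2    # signed by the other CA
    cat client-ca.crt webserver-ca.crt > bundle.pem # a file that trusts both
    echo "client-ca.crt($(ca_count client-ca.crt)): alice=$(verdict client-ca.crt alice.crt) outsider=$(verdict client-ca.crt outsider.crt)"
    echo "bundle.pem($(ca_count bundle.pem)): outsider=$(verdict bundle.pem outsider.crt)"
  )
  rc=$?; rm -rf "$d"; return $rc
}

demo
```

Running verdict and ca_count against the real client CA file and the unexpected client certificate shows whether the file itself would accept that certificate; if it prints reject, the acceptance comes from the server side rather than from the file.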