[mod_gnutls-devel] Certificate-based authentication
marc.ende at ymail.com
Wed May 7 07:45:26 CEST 2014
Within one of my servers I use certificate-based authentication. Everything
works great except for one simple thing:
* If I log in with a certificate which is signed by the CA mentioned in
GnuTLSClientCAFile the access is granted as expected.
* If I log in with a certificate which is NOT signed by the CA mentioned in
GnuTLSClientCAFile the access is also granted (not expected).
The second one was signed by the CA which has signed the certificate of the
webserver itself. I haven't tested this with a certificate which was signed by
someone else. But also in this case I wouldn't be happy with the fact that
everyone with a signed certificate of this (webserver-)CA has access.
Maybe I've got an issue in my configuration...
GnuTLSCertificateFile /etc/apache2/ssl/webserver.cert <-Webserver-CA
GnuTLSClientCAFile /etc/apache2/ssl/site.ca.asc <-ClientCA
Thanks for your help
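
An offline check for the situation described in this post, added here as an example and not part of the original message or of mod_gnutls: it tests whether a client certificate chains to a CA in the file given to GnuTLSClientCAFile, and counts how many CAs that file contains. It uses the openssl command line rather than GnuTLS, and all file names, CNs and certificates are constructed for the example.

```shell
# Constructed throwaway PKI (added example); names and CNs are illustrative.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a self-signed CA: $1 = file base name, $2 = common name.
mk_ca() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=v3\n[dn]\nCN=%s\n[v3]\nbasicConstraints=critical,CA:TRUE\n' \
    "$2" > "$work/$1.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/$1.cnf" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Issue a client certificate: $1 = file base name, $2 = base name of issuing CA.
mk_client() {
  openssl req -new -newkey rsa:2048 -nodes -config "$work/$2.cnf" -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
    -CAcreateserial -days 1 -out "$work/$1.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to a CA contained in bundle $1.
# The system trust store is masked so that only the bundle counts.
chains_to() {
  SSL_CERT_DIR=/nonexistent SSL_CERT_FILE=/nonexistent \
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Number of CA certificates in bundle $1 (every one of them is trusted).
count_cas() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout | grep -c '^subject'
}

mk_ca client_ca "Constructed Client CA"
mk_ca server_ca "Constructed Webserver CA"
mk_client insider client_ca    # issued by the client CA
mk_client outsider server_ca   # issued by the webserver's CA

for c in insider outsider; do
  if chains_to "$work/client_ca.pem" "$work/$c.pem"; then
    echo "$c: chains to client CA"
  else
    echo "$c: does NOT chain to client CA"
  fi
done
echo "CA certificates in bundle: $(count_cas "$work/client_ca.pem")"
```

Running `chains_to` and `count_cas` against the real client CA file and the certificate that was unexpectedly accepted shows whether the file itself trusts that certificate's issuer.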