|
Posted by Rob Skedgell on January 9, 2006, 10:29 am
If you were Registered and logged in, you could reply and use other advanced thread options
wrote:
> If you connect to an SSL secure site that does not have a
> certificate from one of the big CAs, or the certificate has
> expired, you get asked if you will accept the certificate or not.
>
> I implemented an SSL site at
>
> https://www.3gshare.info/
>
> which is for private use, so such messages are not an issue.
>
> However, is it possible to configure the site such that unless you
> have already have a certificate on your machine, you are unable to
> connect? i.e the user has no choice to accept it or not - they
> either have it, or they can't connect?
>
> I don't think this is possible, but if it is, please let me know
> how. The server runs Apache 2.x.
Could you use the mod_ssl "SSLRequireSSL" and "SSLVerifyClient
require" directives together with SSL/TLS client certificates you
generate, sign & issue? I haven't tried this myself, but
<http://httpd.apache.org/docs/2.0/mod/mod_ssl.html> might be a good
place to start.
--
From: address is a spamtrap, Reply-To: is valid.
GnuPG/PGP: 7DA3 1579 C0DD 8748 C05A B984 E2A2 3234 D14B 6DD7
| 
XML site map