[Fwd: Re: Can not get client side certificates to work]

Forwarding this info back to the dev list. :-)

Joe Orton, any thoughts?

attached mail follows:

> On Wed, 2004-02-11 at 11:55, Anders Blomdell wrote:
>
>> Does anybody have a server with working client-side certificates?
>
> Of course we do. Do you think we wrote the feature, but never tested
> it? :-)
No not really, badly phrased question, I meant:

Is there a server I could connect to (just to see if I get prompted for a
certificate from that server?)

> I use client-certs all the time with svn.
OK, the err is mine then...

>
> I think you'll need to give a lot more information about your setup.
> How is your server configured (httpd.conf)?

<Location /svn>
   DAV svn
   SVNParentPath /tmp/repos
   SSLVerifyClient require
   SSLCACertificateFile
/usr/local/packages/apache/2.0.48/conf/ssl.crt/ca.cert
</Location>

> How is your client
> configured (~/.subversion/servers)?
[groups]
clientcert = *

[clientcert]
ssl-authority-files = /tmp/clientcert/cacert.pem
ssl-client-cert-file = /tmp/clientcert/clientcert.p12

NB: cacert.pem is read (and probably understood, since removing
     "SSLVerifyClient require" makes it all work.

     clientcert.p12 is never opened (removing that line does not make
     it prompt for a certificate file)

> Tell us about your client-cert too (format)?
pkcs12

>
>
>
------------------------------------------------------------------------------
  Anders Blomdell
  Department of Automatic Control Email: anders.blomdell@control.lth.se
  Lund Institute of Technology Phone: +46 46 222 4625
  Box 118, S-221 00 Lund, Sweden Fax: +46 46 138118

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 11 19:46:33 2004