[Nagiosplug-devel] ssl & client certs

Jason Martin jhmartin at toger.us
Tue Aug 24 17:32:13 CEST 2004


On Tue, Aug 24, 2004 at 05:18:47PM -0700, Harper Mann wrote:
> Doesn't the -S (--ssl) switch work?
No; you're thinking of a SSL server with just server
certificates. I'm referring to the situation where  both the
server and the client are required to provide certificates. The
output from openssl s_server includes the data:

---
Acceptable client certificate CA names
/C=US/ST=WA/L=blah/O=blah/OU=blah/CN=blah
---

This happens when the webserver is set to validate the client.
The apache option for this is
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifyclient
SSLVerifyClient

If I was using wget I would need to use the following options:
       --sslcertfile=FILE     optional client certificate.
       --sslcertkey=KEYFILE   optional keyfile for this certificate.
       --sslcerttype=0/1      Client-Cert type 0=PEM (default) / 1=ASN1 (DER)

-Jason Martin
-- 
The most expensive component is the one that breaks.
This message is PGP/MIME signed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 211 bytes
Desc: not available
URL: <http://nagios-plugins.org/archive/devel/attachments/20040824/6b4da8ad/attachment.sig>


More information about the Devel mailing list