I provide SSL pages on my web server, and I have a question. What is the difference between SSLCACertificateFile and SSLCertificateChainFile?
When I use SSLCertificateCh
Actually, both may be valid options.
Use SSLCertificateChainFile to publish your certificate signed by a public certificate authority (VeriSign, RapidSSL, etc.).
Use SSLCACertificateFile to provide your 'private' CA, which can issue client certificates that you can distribute to some selected users. These client certificates are actually great for authentication (compared with basic password authentication), and typically are not required to be distributed by a public CA (hence you can save some money).
So, if you want to add secure authorization to some portion of your web site, do this:
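```apache
# The client must present a certificate that verifies successfully
SSLVerifyClient require
# Maximum length of the client certificate chain that will be accepted
SSLVerifyDepth 5
# Deny access whenever SSLRequireSSL or SSLRequire says so, even under "Satisfy any"
SSLOptions +StrictRequire
# Take the authenticated user name (REMOTE_USER) from this SSL variable
SSLUserName SSL_CLIENT_S_DN_CN
# Refuse any request that did not arrive over HTTPS
SSLRequireSSL
```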
As a short explanation: SSLUserName SSL_CLIENT_S_DN_CN will set the authenticated user name to the certificate's CommonName, versus the whole X.509 '/OU=Foo/CN=...' subject.
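To show where each directive sits, here is a virtual host that uses both, with client-certificate authentication limited to one path. This is an added example, not part of the answer above; the host name, file paths and the /restricted location are placeholders.

```apache
<VirtualHost *:443>
    # Placeholder host name and file paths; substitute your own.
    ServerName www.example.com
    SSLEngine on

    # Server identity: the certificate and key presented to every visitor.
    SSLCertificateFile      /etc/ssl/example/server.crt
    SSLCertificateKeyFile   /etc/ssl/example/server.key

    # Intermediate certificates linking server.crt to the public CA's root.
    # They are sent to clients so they can build the chain. Certificates
    # listed here are NOT trusted for verifying client certificates.
    # From Apache 2.4.8 this directive is obsolete: the intermediates can be
    # appended to the file named in SSLCertificateFile instead.
    SSLCertificateChainFile /etc/ssl/example/public-ca-chain.crt

    # Trust anchors for client authentication: only the private CA.
    # Any CA placed in this file can issue certificates that pass
    # SSLVerifyClient, so a public CA does not belong here unless every
    # certificate it issues should be accepted as a login.
    SSLCACertificateFile    /etc/ssl/example/private-client-ca.crt

    # The rest of the site does not ask for a client certificate.
    SSLVerifyClient none

    <Location "/restricted">
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 5
        SSLOptions +StrictRequire
        # REMOTE_USER becomes the CommonName of the client certificate.
        SSLUserName SSL_CLIENT_S_DN_CN
    </Location>
</VirtualHost>
```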