[CentOS] Certificates Revocation Lists and Apache...

nate centos at linuxpowered.net
Wed Nov 4 16:53:34 UTC 2009


John Doe wrote:

> The goal is to be able to distribute client certificates to filter web
> access to certain resources.

How about using just basic user names and passwords? Seems a lot
simpler. Client certs can really make things messy and complicated,
I worked with them a bunch several years ago, ENDLESS headaches, and
we weren't using CRL formally at least, the application had a sort
of CRL built into it, where we specifically registered certain
CN's with the app, and apache just acted as a pass through mechanism
to the app(which was java/tomcat).

http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html

nate



More information about the CentOS mailing list