[CentOS] Certificates Revocation Lists and Apache...
nate
centos at linuxpowered.net
Wed Nov 4 16:53:34 UTC 2009
John Doe wrote:
> The goal is to be able to distribute client certificates to filter web
> access to certain resources.
How about using just basic user names and passwords? Seems a lot
simpler. Client certs can really make things messy and complicated,
I worked with them a bunch several years ago, ENDLESS headaches, and
we weren't using CRL formally at least, the application had a sort
of CRL built into it, where we specifically registered certain
CN's with the app, and apache just acted as a pass through mechanism
to the app(which was java/tomcat).
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
nate
More information about the CentOS
mailing list