I had implemented mutual certificate authentication and it worked successfully with the following steps:
- create root ca (self-signed)
- create server certificate and sign it with ca private key
- create users certificates and sign them with ca private key
- import server.crt as "authority" to browser and user.crt as "your certificates"
configure ssl.conf to add these lines:

    SSLCertificateKeyFile /home/safaa/rootca/certs/server.key
    SSLCertificateFile /home/safaa/rootca/certs/server.crt
    SSLCACertificateFile /home/safaa/rootca/certs/rootca.crt
    SSLVerifyDepth 10
    SSLVerifyClient require

Now I've added an intermediate certificate to my flowchart and the steps have become:
- create root CA (self-signed)
- create server CA and sign it with CA private key
- create server certificate and sign it with server CA private key
- create users certificates and sign them with server CA private key
- import server.crt as "authority" to browser and user.crt as "your certificates"
configure ssl.conf to add these lines:

    SSLCertificateKeyFile /home/safaa/serverCA/certs/server.key
    SSLCertificateFile /home/safaa/serverCA/certs/server.crt
    SSLCACertificateFile /home/safaa/serverCA/certs/serverCA.crt
    SSLVerifyDepth 10
    SSLVerifyClient require

Now when I try to restart the httpd service (service httpd restart) I get:

    #sudo service httpd start
    Starting httpd: [FAILED]
    #sudo service httpd status
    httpd is stopped

I have tried to comment and uncomment lines, but I failed to make it work.

    SSLCertificateChainFile /home/safaa/rootca/certs/rootca.crt
    SSLCACertificateFile /home/safaa/serverCA/certs/serverCA.crt

Also, for every certificate I generated I did a verification, and all of them give me that verify is OK. I also changed the owner and permissions for the rootca and serverCA folders and made them the same as for ssl.conf. P.S.: I'm running my bash for php.
What have I missed? Someone told me that I can use the trusted repository in Linux instead of configuring SSL; is that possible? Where do I add my CA in Linux to make it be seen like VeriSign!?
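
The hierarchy from the second list of steps, rebuilt in a scratch directory to show how `openssl verify` judges the user certificate depending on which CA certificates it is given. This is an added example, not part of the original post; all file names and subject names in it are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example: root CA -> server CA -> server and user certificates, built in
# a scratch directory. Every file name and subject below is constructed.

mkreq() {   # mkreq NAME CN: new RSA key plus CSR
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

sign() {    # sign NAME ISSUER EXTFILE: ISSUER signs NAME.csr
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -extfile "$3" -days 30 -out "$1.crt" 2>/dev/null
}

check() {   # check LABEL ARGS...: print LABEL and the openssl verify verdict
    label=$1; shift
    if openssl verify "$@" >/dev/null 2>&1; then echo "$label: OK"
    else echo "$label: FAIL"; fi
}

chain_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # CA certificates need CA:TRUE; leaf certificates must not carry it.
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
        printf 'basicConstraints=CA:FALSE\n' > leaf.ext

        # Self-signed root, then the intermediate "server CA" signed by the root.
        mkreq rootca "Example Root CA"
        openssl x509 -req -in rootca.csr -signkey rootca.key \
            -extfile ca.ext -days 30 -out rootca.crt 2>/dev/null
        mkreq serverCA "Example Server CA"; sign serverCA rootca ca.ext

        # Server and user certificates, both signed by the intermediate.
        mkreq server "www.example.test"; sign server serverCA leaf.ext
        mkreq user "example-user";       sign user serverCA leaf.ext

        # PEM files concatenate: one file holding both CA certificates.
        cat serverCA.crt rootca.crt > ca-bundle.crt

        check "root + untrusted intermediate" -CAfile rootca.crt -untrusted serverCA.crt user.crt
        check "intermediate only" -CAfile serverCA.crt user.crt
        check "root only" -CAfile rootca.crt user.crt
        check "bundle of both" -CAfile ca-bundle.crt user.crt
    )
    status=$?; rm -rf "$dir"; return $status
}

chain_demo
```

The first and last checks print OK; the two in the middle print FAIL, because without `-partial_chain` `openssl verify` needs a complete path from the leaf up to a trusted self-signed root.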