Article delegate-en/196 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Still not able to get working the client authorization in SSL proxy
03 Jan 1999 07:48:08 GMT Horia Georgescu <pyqaabdyi-e6yerocyrylr.ml@ml.delegate.org>
Oasis Technology Ltd.


A Happy New Year!

Here I am again, returning to the tests I started last year.
To recap, what I would like to achieve is to use delegated as a reverse 
SSL proxy, which authenticates SSL clients based on personal
certificates.

Based on the previously exchanged messages, I've been able to achieve 
so far:
- compile delegated on a Linux PC and test it as a regular http proxy
- compile SSLeay and sslway, generate the server certificates based on
  http://wall.etl.go.jp/mail-lists/delegate-en/44, run delegated as an
  SSL proxy and establish a non-authenticated SSL connection between
  my browser (MSIE) and delegated
- running "delegated -ac -client_auth", my browser's request was rejected
  for not having the appropriate certificate
 
What I was unable to achieve was to add a client certificate to my
browser generated by using only SSLeay (actually using CA.sh, a shell
wrapper for ssleay, included in the distribution).

I've only been able to get those browser certificates installed in both 
MSIE and NS by using the information provided in the following
documents:

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html 
http://www.drh-consultancy.demon.co.uk/ca-fix.html

These documents basically say that there is something wrong with the 
way SSLeay creates the certificates and provide a fix which works.

Getting back to delegated and using my newly generated cacert.pem and
cakey.pem certificates, I'm unable to get the authentication working
and I'm back to the original behavior, when each time the client
initiates a request, on the proxy side I'm prompted for a password
(presumably because the cakey.pem is not understood properly).

I'm wondering if after such a long message I still can get any
compassion :-) and more than that, some new suggestions.

Much obliged,
Horia Georgescu
