Just my Blog

Entries from May 2009

Quicksearch


Powered by

Serendipity PHP Weblog

Creative Commons

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Blog Administration

Open login screen

Require client-SSL certificate for certain content.

Wednesday, May 20. 2009


On a kind of "intranet" website, which is secured with username/password combinations and HTTPS I've implemented the next feature:

- Authorized users can read everything on the website

- Files with in their filename "classified" requires a valid SSL-Client certificate...

Here is the output of my apache config:

<Directory /usr/sites/ssl-site/intranet/htdocs>
  Options Indexes MultiViews
  AllowOverride Authconfig
  Order allow,deny
  Allow from all
  AuthName "intranet"
  AuthType "Basic"
  AuthUserFile /usr/sites/ssl-site/intranet/etc/users.pwl
  require valid-user
</Directory>

<LocationMatch .*(c|C)(l|L)(a|A)(s|S)(s|S)(i|I)(f|F)(i|I)(e|E)(d|D).+>
  SSLVerifyClient require
  SSLVerifyDepth 1
  SSLOptions +OptRenegotiate
</LocationMatch>

I still have to sort out some issues, like directories having a directory with the name "classified" in them.

Posted by Pieter de Rijk in Linux/Unix/BSD, Security, System Op stuff, Work at 15:53

How to add your own Root CA certificate in Windows Vista

Wednesday, May 20. 2009

What I tried so far... the certificates issued by my own CA were not accepted by any Microsoft application running on Windows Vista...

After some investigations, I found out that you must perform the next actions:

Run the command "certmgr.msc" and right click on Trusted Root Certificate Authorities → All Tasks → Import

And simply follow the wizard to import the certificate :-)


Posted by Pieter de Rijk at 15:47

Our own 'Private Enterprise Number' from IANA - 33413

Sunday, May 3. 2009

Some week ago, I've requested @ IANA a "Private Enterprise Numer" (RFC2865) aka Vendor ID.

A few days ago, I received the confirmation, that I am the "owner" of the numer 33413.... you can validate this on their website (scroll alert) ;)

Posted by Pieter de Rijk at 20:14
(Page 1 of 1, totaling 3 entries)

Competition entry by David Cummins powered by Serendipity v1.0

Twitter

paderijk: @iPadNL / @PlanetAndroid iPhone webinterface is broken again :'( Same issue as yesterday evening.

paderijk: RT @SophieintVeld: de twee potentiële kabinetspartners hadden vertrouwen in elkaar. Maar de gedoger beslist dus blijkbaar.

paderijk: RT @SophieintVeld: Vrijheid van meningsuiting geldt vlgs Wilders kennelijk niet voor Kamerleden

paderijk: @PowerDNS_Bert ik zag een 'update' van je LinkedIN profiel dat je een twitter account gekoppeld had :-)

paderijk: @iPadNL and @PlanetAndroid just noticed that your iPhone web app implemention is broken :( http://twitpic.com/2kml3v

Some cool links


Archives

Categories



All categories

google Analytics