
Client Side Certificates
Craig Servin <cservin(at)cromagnon.com>
2006-12-07 23:22:34
I have a working pound setup with a wildcard server cert.

I am trying to get client side certificates working and am using openssl to 
generate the CA and the client keys.  I have had no luck and am not even far 
enough along to ask for constructive help.  So I was wondering if someone has 
created a cookbook for this.

If so great, if not I will keep plugging away.

I guess one question that I do have is: does the server cert need to be signed 
by the same CA as the one for the client keys? Because the server cert I am 
using was signed by a real CA and the CA I am using for the CAList is self 
generated via openssl.

Thanks,

Craig

Re: [Pound Mailing List] Client Side Certificates
Nathan Schmidt <nschmidt(at)gmail.com>
2006-12-07 23:33:45
This might be a little bit off but I just did this last week for our  
wildcard *.domain.com cert.
I had assumed the process would be complicated and involve some  
incantation of the openssl tools  but this worked fine -- cat  
together your server cert with the issuing cert, to complete the  
chain like this:

~#  cat server.crt sf_issuing.crt > /etc/pound/pound.crt

Regards,
-Nathan

On Dec 7, 2006, at 2:22 PM, Craig Servin wrote:
[...]

RE: [Pound Mailing List] Client Side Certificates
"Wallace, Pippin" <pwallace(at)rightnow.com>
2006-12-07 23:39:15
These certs should work independent from each other and thus not need similar
CAs.


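Added example (not part of the original thread and not Pound's own code): a shell walk-through of the independence point made in the last reply, building a self-generated client CA next to a stand-in for the public CA that signed the server cert. All file names, subject names and lifetimes are constructed; the reference to CAlist assumes the Pound listener setting the original poster calls "CAList".

```shell
#!/bin/sh
# Constructed example: file names, subjects and lifetimes are placeholders.

# make_ca DIR NAME CN: self-signed CA certificate and key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME CN: key + CSR for NAME, then signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 365 -set_serial 1 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -out "$1/$3.crt" 2>/dev/null
}

# verifies_against CAFILE CERT: true only if CERT chains to CAFILE.
verifies_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Builds both hierarchies in a temp dir and reports which checks hold.
client_ca_demo() {
    d=$(mktemp -d) || return 1
    # public-ca stands in for the real CA that signed the wildcard server cert.
    make_ca "$d" public-ca "Stand-in Public CA" &&
    issue_cert "$d" public-ca server "*.example.com" &&
    # client-ca is the self-generated CA; its .crt is what CAlist would name.
    make_ca "$d" client-ca "Example Client CA" &&
    issue_cert "$d" client-ca client "example-client" ||
        { rm -rf "$d"; return 1; }
    r=""
    # The client cert must chain to the client CA ...
    verifies_against "$d/client-ca.crt" "$d/client.crt" && r="client-ok"
    # ... while the server cert need not (and here does not).
    verifies_against "$d/client-ca.crt" "$d/server.crt" || r="$r server-independent"
    # The server cert chains only to its own issuer.
    verifies_against "$d/public-ca.crt" "$d/server.crt" && r="$r server-ok"
    rm -rf "$d"
    echo "$r"
}

client_ca_demo
```

If the first check fails in a real setup, the client cert was not signed by the CA file the listener trusts, which is the usual cause of rejected client certificates.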