Aaron <aaron@core-dev.com> [2003:10:04:15:02:38-0400] scribed: > Michael D Schleif <mds@helices.org> said, > > We are working on a web-based application. It will use mod_ssl to > > secure transactions. > > > > We want to limit access to the application. Yes, we have > > username/password authentication; but, we are also considering > > host-based limits. > > > > Can this be done with [mod_]ssl? Can access to a website require a > > certificate on the browser side? If so, please, point me in the right > > direction (e.g., URL's, documentation, applications, &c.) > > Dare I suggest www.apache.org? Yes, you may. I have reacquainted myself with this: <http://httpd.apache.org/docs/misc/FAQ.html#dnsauth> However, I am wondering whether or not this can be done with SSL-type certificates? I admit that I have not gone completely through all of the mod_auth* alternatives . . . I am clear how SSL certificates establish trust -- client/browser trust of the remote webserver/application. Can this be inverted? Can the webserver/application establish trust of the client/browser via certificates, or something similar? We are looking for some authentication of the client side that does *not* require userland interaction. If this is google-able, please, help me with search criteria . . . What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --
Attachment:
pgpBPnitbYbl_.pgp
Description: PGP signature