Issue 72 in svnbook: SSL certificate management explanation
svnbook at googlecode.com
svnbook at googlecode.com
Thu Feb 18 04:32:01 CST 2010
Status: New
Owner: christophe.nanteuil
Labels: Type-Defect Priority-Medium
New issue 72 by christophe.nanteuil: SSL certificate management explanation
http://code.google.com/p/svnbook/issues/detail?id=72
Hello,
About the Chapter 6, section "SSL certificate management", I think the text
about challenging a client certificate is not clear enough:
I would replace :
When talking to Apache, a Subversion client might also
receive a challenge for a client certificate. Apache is
asking the client to identify itself: is the client really
who it says it is? If all goes correctly, the Subversion
client sends back a private certificate signed by a CA that
Apache trusts. A client certificate is usually stored on
disk in encrypted format, protected by a local password.
When Subversion receives this challenge, it will ask you for
a path to the certificate and the password that
protects it
by (excuse my poor english):
The same way a Subversion client asks the Apache server a server
certificate to authenticate itself, a Subversion client might receive a
challenge from the Apache server. Apache is asking the client to
identify itself: is the client really who it says it is? If all goes
correctly, the Subversion client sends back a public certificate signed
by a CA the Apache server trusts, alongside with a proof that the client
owns the private key associated with the certificate (the challenge
response). The public certificate and the private key are usually stored
in a bag (a <quote>p12</quote> file, which means PKCS#12 format)
on the disk, the bag being protected by a passphrase (normally longer
therefore stronger than a password). When Subversion receives this
challenge, it will ask you for a path to the bag and the
passphrase that protects the private key.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
More information about the svnbook-dev
mailing list