{"id":223,"date":"2015-12-10T21:05:10","date_gmt":"2015-12-10T18:05:10","guid":{"rendered":"http:\/\/meekconsulting.com\/?p=223"},"modified":"2022-01-08T16:26:32","modified_gmt":"2022-01-08T13:26:32","slug":"find-out-what-cas-a-webserver-will-accept","status":"publish","type":"post","link":"https:\/\/meekconsulting.com\/?p=223","title":{"rendered":"Find out what CAs a webserver will accept"},"content":{"rendered":"<p>Here is a handy command to find out what CAs are accepted by a website. \u00a0When your website is configured to require client PKI certificates with the SSLVerifyClient require directive, it will only accept client certificates issued by CAs that you trust as defined in your\u00a0SSLCACertificateFile \u00a0directive.<\/p>\n<p>We usually set our up like this:<\/p>\n<blockquote><p>SSLCACertificateFile \/etc\/httpd\/ssl\/ca-bundle.crt<\/p><\/blockquote>\n<p>If you want to verify what is in that file for a remote host without going to the server you can run this command from any client. \u00a0It will simulate a web client and the server tells it what CAs are trusted and it will print them out. \u00a0Pretty neat!<\/p>\n<blockquote><p>openssl s_client -showcerts -connect beta.usecobra.com:443 \u2013prexit<\/p><\/blockquote>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is a handy command to find out what CAs are accepted by a website. \u00a0When your website is configured to require client PKI certificates with the SSLVerifyClient require directive, it will only accept client certificates issued by CAs that &hellip; <a href=\"https:\/\/meekconsulting.com\/?p=223\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/posts\/223"}],"collection":[{"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=223"}],"version-history":[{"count":2,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/posts\/223\/revisions"}],"predecessor-version":[{"id":229,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=\/wp\/v2\/posts\/223\/revisions\/229"}],"wp:attachment":[{"href":"https:\/\/meekconsulting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meekconsulting.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}