I have a web server (Apache) and configured a CA on this machine to create self-signed ssl client certificates (via openssl). Because the web server is in the DMZ, my question is: Is there any way to create the ssl client certs on a different machine (in the internal network) and can the web server in the DMZ be configured to use these certs?
Asked
Active
Viewed 223 times
1 Answers
0
Yes, you can (but you will of course need the CA key). It doesn't matter on which host you create a certificate.
E.g. when you purchase a certificate from a trusted CA they create it on another machine, possibly on another continent :)
Martin
- 37,119
- 15
- 73
- 82