How does client cert authentication work on per directory basis?

Based on the documentation, Apache allows requesting client cert authentication for one directory and not requesting it for another directory. http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients

How is it possible?

I assumed that first TLS/SSL does a handshake (including client certificate validation) and only after that is the HTTP request sent over the secured channel. And this HTTP request contains a URL.

So, it looks like to get a URL (a directory) you need to do (or skip) client certificate authentication.

So, it's not clear to me how Apache can check the URL first and decide later whether to request client cert authentication or not.

Victor Ronin asked Mar 11 '14 17:03


1 Answer

It uses SSL/TLS renegotiation: the server sends a TLS Hello Request message to ask the client to trigger a new handshake by sending a new Client Hello message (and this time the server will send a Certificate Request after its Server Hello message).

The Hello Request message could in principle happen at any time during the HTTP exchange. For this particular feature, the server sends it just after receiving the request (therefore knowing which resource was requested), but before sending its response.

Bruno answered Sep 19 '22 13:09
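The configuration the answer describes, as an added example that is not part of the original question or answer and not taken from the Apache documentation: one virtual host in which the initial handshake asks for no client certificate, and only requests under one path trigger the renegotiation with a CertificateRequest. Hostname, paths and file names are placeholders.

```apache
# Added example (not from the original post or the Apache docs).
# Hostname, file paths and the /secure/area location are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    # CA whose client certificates the server is willing to accept.
    SSLCACertificateFile  /etc/ssl/certs/client-ca.crt

    # Host-wide default: the first handshake sends no CertificateRequest,
    # so the client can send its HTTP request line without a certificate.
    SSLVerifyClient none

    <Location /secure/area>
        # Once the request line reveals this path, mod_ssl sends a TLS
        # HelloRequest; in the new handshake the server sends a
        # CertificateRequest and rejects the request if verification fails.
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>

    <Location /secure/area/upload>
        # A request body that arrived before the renegotiation has to be
        # buffered and replayed afterwards. The default buffer is 131072
        # bytes; larger POST bodies are refused with 413 unless it is raised.
        SSLRenegBufferSize 1048576
    </Location>
</VirtualHost>
```

The per-location `SSLVerifyClient require` is what makes the renegotiation happen after the request line is known, which is exactly the ordering the answer describes. Two operational points follow from it: request bodies sent ahead of the renegotiation are buffered (hence `SSLRenegBufferSize`), and this mechanism depends on renegotiation, which TLS 1.3 removed in favour of post-handshake client authentication (RFC 8446, section 4.6.2), so the message sequence differs on a TLS 1.3 connection even though the directive is the same.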