Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to do client certificate authentication with Apache

Tags:

authentication

certificate

ssl

apache

The question is very clear but I did not find any useful tutorial online. So I wish I could have some luck here.

Basically, I want to build a client certificate authentication with Apache. I configured the conf file for Apache for the site I am hosting. The conf I put is here:

SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/apache2/ssl/client.crt

However I have no idea how to generate the certificate and key file for the client. And also, what file should I put on the SSLCACertificateFile in the Apache server configurations?

Does the server simply compare the certificate file sent from client with the certificate file on the server? What exactly the client certificate authentication is doing ?

like image 732
user3354832 Avatar asked Jul 03 '14 01:07

user3354832

People also ask

How do I set client authentication?

Go to the Advanced Settings section of the page and scroll down to the SSL/TLS subsection. Select the required Client Authentication mode. Required: The server requests the client for a certificate; if the client does not provide a certificate, the connection is closed.

How does client authenticate server certificate?

SSL-enabled client software always requires server authentication, or cryptographic validation by a client of the server's identity. The server sends the client a certificate to authenticate itself. The client uses the certificate to authenticate the identity the certificate claims to represent.

1 Answers

You'll find instructions on how to create a CA cert and certs signed by this CA cert here: http://pages.cs.wisc.edu/~zmiller/ca-howto/

Things go like this:

  • you setup your root CA key and cert
  • client generates his private key and certificate request
  • they send you the certificate request
  • you generate the certificate using the certificate request, your root CA cert and root CA key
  • you return the certificate to the client

You can then check that the client presents a certificate which is "signed" by the CA.

like image 88
jcaron Avatar answered Oct 25 '22 07:10

jcaron
Sign in to Comment

Related questions

WordPress post text corruption
HTTP Digest Authentication
Is memcache suitable for passing user details from Apache to Node.js
LiteSpeed vs Apache httpd [closed]
PHP session and memcacheD
Maven: Relationship between Lifecycle Phase & Goal
The site specified an invalid Strict-Transport-Security header - firebug
Apache proxy load balancing backend server failure detection
Hello World in mod_wsgi
Secure static media access in a Django site
PHP application + WebSocket based notifications over Socket.IO
How to read from merged cells of Excel in Java using Apache POI?
Apache 2.4 set mime type of file without extension
Cookies across subdomains and hosts
PHP error log and newline chars
How to use vhosts alongside node-http-proxy?
what is ^@ character in vi?
IIS equivalent of VirtualHost in Apache
Why is Apache's RewriteRule revealing local paths?
Sending redirect in Tomcat web application behind a Apache 2 proxy (mod_proxy)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!