Page 1 of 1

How to configure apache to accept any user certificates?

PostPosted: 11. March 2009 13:09
by Dummy 2
I am trying to get user certificate by $_SERVER[’SSL_CLIENT_CERT’] and send it to another web server for authentication.
So far I changed httpd-ssl.conf to accept any user certificate
<VirtualHost _default_:443>
SSLEngine on
ServerSignature On
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:!SSLv2:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/
</VirtualHost>

My clients internet explore shows all the availbale certificates when they access my https://localhost/ server. They choose one and submit it to https://localhost/testldap.php.
Where scripts are
<?php
$ssl=openssl_x509_parse($_SERVER[’SSL_CLIENT_CERT’]);
print_r($ssl);
?>

But here $_SERVER[’SSL_CLIENT_CERT’] and other $_SERVER[’SSL_SERVER_CERT’] parameters are empty. I don;t know why. Please help to solve it!!!

Re: How to configure apache to accept any user certificates?

PostPosted: 12. March 2009 05:10
by Izzy
Which version of Windows?
Which version of XAMPP?
Both omitted.

Re: How to configure apache to accept any user certificates?

PostPosted: 12. March 2009 05:32
by Dummy 2
Which version of Windows?
Which version of XAMPP?
Both omitted.

Windows Vista Ultimate
Xampp-win32-1.7.0

Re: How to configure apache to accept any user certificates?

PostPosted: 15. March 2009 06:26
by Dummy 2
I am trying to get user certificate by $_SERVER[’SSL_CLIENT_CERT’] and send it to another web server for authentication.
So far I changed httpd-ssl.conf to accept any user certificate
<VirtualHost _default_:443>
SSLEngine on
ServerSignature On
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:!SSLv2:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/
</VirtualHost>

My clients internet explore shows all the availbale certificates when they access my https://localhost/ server. They choose one and submit it to https://localhost/testldap.php.
Where scripts are
<?php
$ssl=openssl_x509_parse($_SERVER[’SSL_CLIENT_CERT’]);
print_r($ssl);
?>

But here $_SERVER[’SSL_CLIENT_CERT’] and other $_SERVER[’SSL_SERVER_CERT’] parameters are empty. I don;t know why. Please help me to solve it!!!

Re: How to configure apache to accept any user certificates?

PostPosted: 17. March 2009 13:42
by Dummy 2
My original task is to develop login page by using public key infrastructure. But the server which issues the client's private key is not my organization.
And I am only allowed to connect their web server by sending the user's client certificate (who logged in my web site) and getting the information about my user's certificates

Re: How to configure apache to accept any user certificates?

PostPosted: 19. March 2009 20:44
by jfbyers
There is some good documentation here: http://www.garex.net/apache/
For a information you don't have to use the self-certification that is addressed you can use a cert issue by a CA and the CA Cert reference. In my case I have my own CA, so we use those certificates for USERS and the ROOT CA. This works well in your own organization.
John

Re: How to configure apache to accept any user certificates?

PostPosted: 25. March 2009 10:34
by Dummy 2
Guys It has worked. Everything was correct except in php code.
I shoud use directly print_r($_SERVER[SSL_CLIENT_CERT]);
or print_r($_SERVER);
But to find better solution u may visit this link https://foaf.me/testSSL.php (very usefull link u may test ur certifcicate as well)