
lørdag, juli 01, 2006

Apache Client/Server SSL Authentication

Run the following in /etc/httpd/ssl.cert/server:

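# Server key, CSR and self-signed certificates.
# -nodes writes server.key without a passphrase so httpd can start unattended;
# with the default umask that key would be world-readable, so create every
# file here with owner-only permissions.
umask 077
openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key
# Two self-signed certificates are issued from the same CSR and key:
#  - server.pem (-trustout: trusted-certificate PEM) is the trust anchor that
#    client certificates are verified against (SSLCACertificateFile),
#  - server.crt is the certificate presented to browsers (SSLCertificateFile).
# Both, and every client certificate, are signed with server.key, so whoever
# holds server.key can mint client certificates this server accepts — protect
# it as you would a CA key.
openssl x509 -trustout -signkey server.key -days 365 -req -in server.csr -out server.pem
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# Serial file consumed via -CAserial when client certificates are signed;
# OpenSSL increments it after each signature. It must contain an even number
# of hex digits, and must never be reset to a lower value or two client
# certificates would end up sharing a serial number.
printf '02\n' > server.srl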

Then, in /etc/httpd/ssl.cert/clients:

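# Client key and CSR. -nodes leaves client.key unencrypted, so create the
# files owner-only (client.p12 below carries the same private key).
# NOTE: give the client a subject DN that differs from the server
# certificate's; a certificate whose subject equals its issuer can be treated
# as self-signed and then fails verification.
umask 077
openssl req -new -newkey rsa:2048 -nodes -out client.req -keyout client.key
# Sign the request with the server's self-signed certificate acting as CA.
# There is no -CAcreateserial here: ../server/server.srl must already exist.
openssl x509 -CA ../server/server.pem -CAkey ../server/server.key -CAserial ../server/server.srl -req -in client.req -out client.pem -days 365
# Bundle certificate + private key for browser import. -export prompts for an
# export password; use a real one, since the bundle contains the private key.
openssl pkcs12 -export -clcerts -in client.pem -inkey client.key -out client.p12 -name "Client Certificate"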

Import client.p12 (the client certificate bundled with its private key) into your browser.

Add the following virtual host to /etc/httpd/httpd.conf:

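<VirtualHost *:443>
  DocumentRoot /httpd/sites/ssl.site/htdocs
  ServerName ssl.site
  ServerAdmin ssl@site.xx
  ErrorLog /httpd/logs/ssl.site-error_log
  CustomLog /httpd/logs/ssl.site-access_log common
  SSLEngine on
  # Every request on this vhost must present a client certificate ...
  SSLVerifyClient require
  # ... issued directly by a certificate listed in SSLCACertificateFile
  # (no intermediates: chain depth 1).
  SSLVerifyDepth 1
  # Protocol and cipher policy. The list this replaces
  # (ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL)
  # only moved LOW, export and SSLv2 ciphers to the end of the preference
  # order with '+' — it did not remove them, so a client could still
  # negotiate export-grade or RC4 ciphers. Exclude them outright, drop
  # SSLv2/SSLv3, and let the server's order win.
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!RC4
  # server.pem is the self-signed certificate that signed the client
  # certificates; it is the trust anchor for SSLVerifyClient.
  SSLCACertificateFile /etc/httpd/ssl.cert/server/server.pem
  SSLCertificateFile /etc/httpd/ssl.cert/server/server.crt
  SSLCertificateKeyFile /etc/httpd/ssl.cert/server/server.key
  # Legacy workaround for old Internet Explorer SSL shutdown behaviour.
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  # Per-request log including negotiated protocol and cipher — handy for
  # spotting clients that still land on weak ciphers after a policy change.
  CustomLog /httpd/logs/ssl.site-request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>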