I'm using apache2 (2.2.3) to serve a site where I'd like to have clients authenticate with certificates. Since I only need to verify that a user presenting a particular certificate is the same user who has presented that certificate in the past, the CA signing the certificate is irrelevant. It seems, though, that using SSLVerifyClient require
requires SSLCACertificateFile ...
(or SSLCACertificatePath ...
), and then apache will only accept certificates signed by a CA in that file/path. Is there a way to get apache to accept any client certificate, regardless of the issuing/singing CA? (i.e. verify that the client has the corresponding private key to the presented public key, but not bother verifying the issuing/signing CA)
Apache SSL – How to Request Client SSL Certificate Without Verification
apache-2.2certificatesslssl-certificate
Related Topic
- Ssl – Browser not asking for client certificate
- Can’t get self-signed CA cert to request corresponding client cert; Apache
- Centos – Setup client certificate verification in an Apache webserver via SSLVerifyCilent on a Centos 6.5+ server
- Ssl – How to make Apache trust a client certificate using an unknown CA, without validating the CA
- Ssl – Enforcing client verification in Apache just for a specific client certificate
- Nginx – client SSL certificate verify error: (27:certificate not trusted)
- Apache client authentication: browser not sending certificate when CA name not matching by case
Best Answer
As you've found, you can disable the certificate verification at the SSL/TLS handshake level within Apache Httpd by using
SSLVerifyCLient optional_no_ca
.The second problem you're going to face with what you're trying to do is to get the client to send the certificate. Since your certificate are not intended to be within a PKI, they could be self-signed and have various issuers.
When requesting a client-certificate, the server sends a
CertificateRequest
TLS message to the client during the handhsake. This message contains thecertificate_authorities
list:Browsers use this to choose which client certificate to send (if any).
(Note that the part about the empty list is only in the specification from TLS 1.1 onwards. SSL 3.0 and TLS 1.0 are silent on this, and in practice, it will also work.)
You get two options for this.
If the client certificates you expect are going to be self-signed, they will all have different issuers. Because you won't know what to expect, the server will need to send an empty list. To do this, use the
SSLCADNRequestFile
directive and point it to a file that contains just an empty line (if I remember well, it doesn't work with a completely empty file).The second (less clean) option. Is to agree on an Issuer DN common to all the client certificates you expect, whether or not they have indeed been issued by that CA certificate (or whether or not that CA even exists). By doing so, you'd be breaking the PKI model considerably (more).
If you agree on an Issuer DN like
CN=Dummy CA
(for example). Anyone can build a self-signed certificate usingCN=Dummy CA
as Subject DN (and Issuer DN), possibly with different keys. Although theSSLCADNRequestFile
directive expects to be configured with certificates to build the list, these are not used to verify the client-certificate at all, it's just a complicated (but natural in the context of the other directives) way of configuring thecertificate_authorities
list. If you, as a service, puts a self-signed cert with these names inSSLCADNRequestFile
, this will make theCertificateRequest
TLS message useCN=Dummy CA
in thecertificate_authorities
list (these are just names, not certs at this stage). The client will then be able to pick up its own certificate with Issuer DNCN=Dummy CA
, whether or not its signature could be verified by that certificate (same keys) or not, since no signature verification is involved in these steps anyway.This being said, remember that with
SSLVerifyCLient optional_no_ca
, no real certificate verification is made (I suppose you could check theSSL_CLIENT_VERIFY
variable if your manual verification is just a fallback solution to a PKI you have configured anyway). All you'll know at that stage is that the client has the private key for the public key certificate it has presented (guaranteed by the TLSCertificateVerify
message): you will need to perform some form of verification if you want there to be authentication of some sort. (You can't trust any of the content of the certificate, that is any of the binding between its public key and the names/attributes it contains.)This won't work well for files, but you can do this for an application (e.g. PHP/CGI/... even Java if you pass the certificate to the proxied Java server). One basic way would be to have a pre-known list of public keys, or you could look at the ideas in FOAF+SSL/WebID.