Apache – How to do client certificate authentication with Apache

apacheauthenticationcertificatessl

The question is very clear but I did not find any useful tutorial online. So I wish I could have some luck here.

Basically, I want to build a client certificate authentication with Apache. I configured the conf file for Apache for the site I am hosting. The conf I put is here:

SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/apache2/ssl/client.crt

However I have no idea how to generate the certificate and key file for the client. And also, what file should I put on the SSLCACertificateFile in the Apache server configurations?

Does the server simply compare the certificate file sent from client with the certificate file on the server? What exactly the client certificate authentication is doing ?

Best Answer

You'll find instructions on how to create a CA cert and certs signed by this CA cert here: http://pages.cs.wisc.edu/~zmiller/ca-howto/

Things go like this:

you setup your root CA key and cert
client generates his private key and certificate request
they send you the certificate request
you generate the certificate using the certificate request, your root CA cert and root CA key
you return the certificate to the client

You can then check that the client presents a certificate which is "signed" by the CA.

For `localhost` only

Simply paste this in your chrome:

chrome://flags/#allow-insecure-localhost

You should see highlighted text saying: Allow invalid certificates for resources loaded from localhost

Click Enable.

-OR-

Try typing: thisisunsafe anywhere on the window and the browser *should* let you visit the page.[link]

Best Answer

Related Solutions

Android – “Debug certificate expired” error in Eclipse Android plugins

Google-chrome – Getting Chrome to accept self-signed localhost certificate

For localhost only

Related Topic

For `localhost` only