[Macpartners] setting up PHP authentication via client certificates
Josh Aresty
jaresty at MIT.EDU
Fri Apr 6 12:33:55 EDT 2007
Hi all,
I was wondering if anyone here can point me to a good reference on how to
configure Apache, OpenSSL, and client certificates at MIT.
I've been to http://web.mit.edu/apache-ssl/www/README.certificate and to
http://nazzim.mit.edu/developers/article.php?story=20051221094844208
and while I have been able to get mod_ssl up and running using the OS X
server certificates interface, phpinfo() still does not show the
SSL_DN_Client_Email or other SSL variables I would expect to see. I don't
completely understand how certificates work, and I prefer to use the OS X
server interfaces for Apache because OS X server has a quirky way of
choosing how to organize sites (and that makes me nervous to move things
around too much).
The section of the apache configuration that seems to be concerned with this
says:
<IfModule mod_ssl.c>
SSLEngine On
SSLLog "/var/log/httpd/ssl_engine_log"
SSLCertificateFile "/System/Library/OpenSSL/certs/dev-
llarc.pem"
SSLCertificateKeyFile
"/System/Library/OpenSSL/private/server_key.pem"
SSLCipherSuite
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL"
SSLCACertificateFile
"/System/Library/OpenSSL/certs/mitca.crt"
SSLCertificateChainFile
"/System/Library/OpenSSL/certs/mitca.crt"
</IfModule>
Can anyone offer me insight? The dev-llarc file is the file I received
after generating the request, and the server_key is the other file that was
generated before (and I did not send it to mitcert at mit.edu). mitca.crt is
from the MIT certificates page.
I would also appreciate chatting on the phone, or in person if you have the
time. Thanks.
Best,
~Joshua Aresty
MIT LLARC Programmer/Analyst
3-4598
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/macpartners/attachments/20070406/b56cf15f/attachment.htm
More information about the Macpartners
mailing list