Settings Apache:
SSLEngine on
SSLCertificateFile /home/frank/ssl/.b-nm.at.crt
SSLCertificateKeyFile /home/frank/ssl/.b-nm.at.key
SSLCertificateChainFile /home/frank/ssl/RapidSSL_CA_bundle.neu.ct.pem
SSLCACertificateFile /home/frank/ssl/.b-nm.at.crt
#SSLVerifyClient require
#SSLVerifyClient optional
#optional_no_ca: the client may present a certificate, but it does not have to verify against a CA
SSLVerifyClient optional_no_ca
SSLVerifyDepth 4
SSLOptions +StdEnvVars +ExportCertData
Creating the Client Certificate:
cp /etc/ssl/openssl.cnf ./openssl-for-signing-csrs.cnf
#set countryName_default to "AT" ...
#http://stackoverflow.com/questions/16659197/how-to-sign-a-clients-csr-with-openssl#16675058
#80,82c80,82
#< countryName = match
#< stateOrProvinceName = match
#< organizationName = match
#---
#> countryName = supplied or optional
#> stateOrProvinceName = supplied or optional
#> organizationName = supplied or optional
mkdir -p demoCA/newcerts
touch demoCA/index.txt
echo 1001 > demoCA/serial
#genrsa takes no digest option; -sha256 is the CSR signature digest and belongs on "openssl req"
openssl genrsa -out client.key 4096
openssl req -new -sha256 -key client.key -out client.csr
openssl ca -cert .b-nm.at.crt -keyfile .b-nm.at.key -out client.crt -in client.csr -config openssl-for-signing-csrs.cnf
openssl pkcs12 -export -inkey client.key -name "Frank" -in client.crt -certfile .b-nm.at.crt -out client.p12
#PHP: ssltest.php
=====================
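<pre><?php
// Escape the dump: $_SERVER contains client-controlled values (headers, certificate fields)
echo htmlspecialchars(print_r($_SERVER, true));
?></pre>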
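What an application should check in the variables that ssltest.php dumps, as an added example (not part of the original notes): with SSLVerifyClient optional_no_ca a certificate that does not verify is still accepted and its fields are exported, so only SSL_CLIENT_VERIFY equal to SUCCESS counts as authenticated. The allow-list, the account name "frank", the function name and the sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example: decide whether a request is authenticated by client certificate,
// using the variables mod_ssl exports via "SSLOptions +StdEnvVars".

// Hypothetical allow-list: certificate serial (hex, as in SSL_CLIENT_M_SERIAL) => account.
// 1001 is the first serial issued after "echo 1001 > demoCA/serial".
const ALLOWED_SERIALS = ['1001' => 'frank'];

/**
 * Returns the account for a verified, allow-listed client certificate, else null.
 */
function clientCertAccount(array $server): ?string
{
    if (($server['HTTPS'] ?? '') !== 'on') {
        return null; // the SSL_* variables only mean something on a TLS request
    }
    // NONE          = no certificate was sent
    // GENEROUS      = certificate accepted by optional_no_ca without a verified chain
    // FAILED:reason = verification error
    // SUCCESS       = chain verified against SSLCACertificateFile
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // Identify the client by serial, not by a subject field such as the CN.
    $serial = strtoupper($server['SSL_CLIENT_M_SERIAL'] ?? '');
    return ALLOWED_SERIALS[$serial] ?? null;
}

// Constructed sample environments (not captured from a real server).
$samples = [
    'no certificate' => ['HTTPS' => 'on', 'SSL_CLIENT_VERIFY' => 'NONE'],
    'unverified, CN=Frank' => [
        'HTTPS' => 'on', 'SSL_CLIENT_VERIFY' => 'GENEROUS',
        'SSL_CLIENT_S_DN_CN' => 'Frank', 'SSL_CLIENT_M_SERIAL' => '1001',
    ],
    'verified, unknown serial' => [
        'HTTPS' => 'on', 'SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'Frank', 'SSL_CLIENT_M_SERIAL' => '1002',
    ],
    'verified, allow-listed' => [
        'HTTPS' => 'on', 'SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_S_DN_CN' => 'Frank', 'SSL_CLIENT_M_SERIAL' => '1001',
    ],
];

foreach ($samples as $label => $env) {
    printf("%-26s => %s\n", $label, clientCertAccount($env) ?? 'rejected');
}
```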
http://www.phpgangsta.de/client-zertifikate-als-sicherer-login-ersatz
http://cweiske.de/tagebuch/ssl-client-certificates.htm