How to configure apache to accept any user certificates?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dummy 2
Forum Newbie
Posts: 5
Joined: Wed Mar 11, 2009 7:33 am

How to configure apache to accept any user certificates?

Post by Dummy 2 »

I am trying to get user certificate by $_SERVER[’SSL_CLIENT_CERT’] and send it to another web server for authentication.
So far I changed httpd-ssl.conf to accept any user certificate
<VirtualHost _default_:443>
SSLEngine on
ServerSignature On
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:!SSLv2:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/
</VirtualHost>

My clients internet explore shows all the availbale certificates when they access my https://localhost/ server. They choose one and submit it to https://localhost/testldap.php.
Where scripts are
<?php
$ssl=openssl_x509_parse($_SERVER[’SSL_CLIENT_CERT’]);
print_r($ssl);
?>

But here $_SERVER[’SSL_CLIENT_CERT’] and other $_SERVER[’SSL_SERVER_CERT’] parameters are empty. I don;t know why. Please help me to solve it!!!
Dummy 2
Forum Newbie
Posts: 5
Joined: Wed Mar 11, 2009 7:33 am

Re: How to configure apache to accept any user certificates?

Post by Dummy 2 »

I am trying to get user certificate by $_SERVER[’SSL_CLIENT_CERT’] and send it to another web server for authentication.
So far I changed httpd-ssl.conf to accept any user certificate
<VirtualHost _default_:443>
SSLEngine on
ServerSignature On
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:!SSLv2:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/
</VirtualHost>

My clients internet explore shows all the availbale certificates when they access my https://localhost/ server. They choose one and submit it to https://localhost/testldap.php.
Where scripts are
<?php
$ssl=openssl_x509_parse($_SERVER[’SSL_CLIENT_CERT’]);
print_r($ssl);
?>

But here $_SERVER[’SSL_CLIENT_CERT’] and other $_SERVER[’SSL_SERVER_CERT’] parameters are empty. I don;t know why. Please help me to solve it!!!
Dummy 2
Forum Newbie
Posts: 5
Joined: Wed Mar 11, 2009 7:33 am

Re: How to configure apache to accept any user certificates?

Post by Dummy 2 »

I am trying to get user certificate by $_SERVER[’SSL_CLIENT_CERT’] and send it to another web server for authentication.
So far I changed httpd-ssl.conf to accept any user certificate
<VirtualHost _default_:443>
SSLEngine on
ServerSignature On
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:!SSLv2:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/
</VirtualHost>

My clients internet explore shows all the availbale certificates when they access my https://localhost/ server. They choose one and submit it to https://localhost/testldap.php.
Where scripts are
<?php
$ssl=openssl_x509_parse($_SERVER[’SSL_CLIENT_CERT’]);
print_r($ssl);
?>

But here $_SERVER[’SSL_CLIENT_CERT’] and other $_SERVER[’SSL_SERVER_CERT’] parameters are empty. I don;t know why. Please help me to solve it!!!
My original task is to develop login page by using public key infrastructure. But the server which issues the client's private key is not my organization.
And I am only allowed to connect their web server by sending the user's client certificate (who logged in my web site) and getting the information about my user's certificate
Post Reply