Ask for Client Certificate

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
mendex
Forum Newbie
Posts: 2
Joined: Wed Dec 02, 2009 10:54 am

Ask for Client Certificate

Post by mendex »

Hi guys,

I'm creating a page that needs client certificate.

My PHP page is:
<?php print_r(openssl_x509_parse($_SERVER[SSL_CLIENT_CERT])); ?>

In http.conf file:
<VirtualHost 127.0.0.1:443>
ServerName apache
DocumentRoot "C:\Program Files\Apache Group\Apache2\htdocs"
DirectoryIndex index.php

SSLCertificateFile "C:\Program Files\Apache Group\Apache2\conf\server.crt"
SSLVerifyClient require
SSLVerifyDepth 10

<Directory "C:\Program Files\Apache Group\Apache2\htdocs">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>

The PHP function returns a value, but the page doesn't ask me the certificate. I've tried in IE and Firefox.

Anyone knows what i'm missing?
mendex
Forum Newbie
Posts: 2
Joined: Wed Dec 02, 2009 10:54 am

Re: Ask for Client Certificate

Post by mendex »

Hello again,

Problem partial solved...?

I was accessing the weong file:

I change the httpd.conf:

Code: Select all

 
<VirtualHost 127.0.0.1:80>
    ServerName apache
    DocumentRoot "C:\Program Files\Apache Group\Apache2\htdocs"
    DirectoryIndex index.php
    
    SSLEngine       on
    SSLProtocol     all
    SSLCertificateFile "C:\Program Files\Apache Group\Apache2\conf\server.crt"
    SSLCertificateKeyFile "C:\Program Files\Apache Group\Apache2\conf\server.key"
    SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StdEnvVars
    SSLVerifyClient require
    SSLVerifyDepth  10
 
    <Directory "C:\Program Files\Apache Group\Apache2\htdocs">
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
 
But i continue tith problem unsolved.
Now i'm getting "Internet Explorer cannot display the webpage" when i'm accessing to "https://127.0.0.1/ccv2.php"
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Ask for Client Certificate

Post by kaisellgren »

You are missing CA Certificate file from your config. Not sure if that's the problem.

Code: Select all

<VirtualHost _default_:443>
... 
SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
...
</VirtualHost>
Post Reply