mod_ssl certificate (mutual) authentication

OS : Debian 10.9
Apache : 2.4.38 (from repo)

I presume I've missed something (obvious) in the doc, but the following setup doesn't work for me and I believe it should:

<Directory /opt/wwwdoc/private2>
Options Indexes
AllowOverride None
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
SSLRequireSSL
SSLRequire true
#SSLRequire %{SSL_CLIENT_S_DN_CN} eq "testuser"
</Directory>
ScriptAlias /scr2 /opt/wwwdoc/private2/script

I try to hit this folder with:
curl -v --cert testuser.cer --key testuser.rsa.key --data @test.txt https://172.17.0.3:443/scr2/dropoff

According to my logic, the above config should check whether the certificates are valid and then let people in, but instead, no matter what I try (and the certs are valid), I get an access denied (403).

If, however, I go with the following:
<Directory /opt/wwwdoc/private2>
Options Indexes
AllowOverride None
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
SSLRequireSSL
Require all granted
</Directory>

After the certificate check the users are let in. What am I missing?
Obviously my ultimate goal is to check the certificate CN value (as you can see in the first config). That doesn't work either.

Thomas
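
An added example, not part of the original post: one way to express the intended CN check in Apache 2.4, where access to a directory is decided by Require directives (mod_authz_core) and the 2.4 documentation deprecates SSLRequire in favour of Require expr. It assumes the CA that issued testuser.cer is already configured for the virtual host, and that an enclosing scope (for example a `<Directory />` block) denies access by default, in which case a directory with no Require of its own returns 403 even after a successful certificate check.

```apache
# Added example (not from the original post). Paths and the CN value
# "testuser" are taken from the post; the CA configuration
# (SSLCACertificateFile / SSLCACertificatePath) is assumed to exist
# at the virtual host level.
<Directory /opt/wwwdoc/private2>
    Options Indexes
    AllowOverride None

    # TLS layer: the client must present a certificate that chains
    # to a trusted CA within 5 levels.
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLRequireSSL

    # Export SSL_* variables and the PEM certificate to CGI scripts.
    # +FakeBasicAuth from the post is left out here: it only matters
    # when the certificate subject is mapped to a Basic auth user.
    SSLOptions +StdEnvVars +ExportCertData

    # Authorization layer: without a Require in this scope, an inherited
    # "Require all denied" still applies. Both conditions must hold.
    <RequireAll>
        # Connection is TLS (mod_ssl authorization provider).
        Require ssl
        # Subject CN of the verified client certificate must match.
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'testuser'"
    </RequireAll>
</Directory>
ScriptAlias /scr2 /opt/wwwdoc/private2/script
```

To accept any certificate that passes verification, as in the second config, drop the `Require expr` line; the `<RequireAll>` block then only insists on TLS, and SSLVerifyClient require enforces the certificate.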
