Hi all
Apache/2.2.17 (FreeBSD)
I'm trying to use client certificates to authenticate my few users. I
created a self-signed CA, server certificates and user certificates,
and installed them in the appropriate places. I then created a vhost:
<VirtualHost *:443>
ServerName rc.ketbun.com
SSLEngine on
SSLCertificateFile /etc/ssl/ketbun/star.ketbun.com/apache.crt
SSLCertificateKeyFile /etc/ssl/ketbun/star.ketbun.com/apache.key
SSLCACertificateFile /etc/ssl/ketbun/ca.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCARevocationFile /etc/ssl/ketbun/ca.crl
SSLOptions +FakeBasicAuth +StdEnvVars
RequestHeader set X-Username %{SSL_CLIENT_S_DN_Email}s
</VirtualHost>
This all works nicely, and users can only access if they have been
issued with keys/certificates and installed them in their browser.
However, I can't seem to get any of these details to be logged.
Without creating phony .htpasswd files listing all my users with dummy
passwords, is there any way to extract an attribute from the client
certificate's DN and use that to populate r->username? FakeBasicAuth
doesn't seem to want to do anything without the dummy .htpasswd, and
whilst I can pass the information easily enough to the webapps without
this (adding it as a request header), this doesn't help me get the
info into the access logs.
Any ideas?
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|