Titogelo

Reputation: 73

Certificates in PHP. Two-way authentication SSL. Apache

Context: production server with SSL installed. Running apache server. PHP.

Problem: for a specific URL (for example: www.domain.com/whatever/edit/*) I want to ask users to use their certificate in order to authenticate them for a specific task.

I have read that this way of authentication is called two-way authentication SSL. I don't know whether I am right or not.

What I have tried on server configuration is the following:

```apache
<VirtualHost _default_:433>

    ServerAdmin webmaster@localhost
    DocumentRoot /Applications/MAMP/htdocs/smartdataprotection/web/

    Options FollowSymLinks
    Options Indexes FollowSymLinks MultiViews

    LogLevel warn
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/ssl_access.log combined

    SSLEngine on
    SSLCertificateFile    /Applications/MAMP/htdocs/certificates/server.cer
    SSLCertificateKeyFile /Applications/MAMP/htdocs/certificates/server.key
    SSLOptions +StdEnvVars

    # Below for 2 way ssl
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLCACertificateFile /Applications/MAMP/htdocs/certificates/ca.cer
</VirtualHost>
```

What I would like to get is something similar to the following screen capture: [screenshot not available]

Thank you very much in advance; any help will be very welcome and highly appreciated.

Regards.

Upvotes: 0

Views: 2527

Answers (1)

albciff

Reputation: 18517

I think that you're missing the SSLCipherSuite directive. In the Apache documentation:

This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase.

Also, normally you want to log in to a site with a certificate at a specific location, not directly at www.yourdomain.com, for example in a button link which goes to www.yourdomain.com/yourApp/loginCert, so you have to configure <Location> inside the <VirtualHost>.

Finally, check the file indicated in the SSLCACertificateFile directive: this file is a concatenation of CA certificates in PEM format which issue the certificates allowed to log in to your site; if your certificate is not issued by one of the CAs inside this file, it will not show up in the browser popup.

The configuration could look like:

```apache
<VirtualHost _default_:433>
  ...
  # SSLCACertificateFile is only valid in server config / virtual host
  # context, so it belongs here rather than inside <Location>
  SSLCACertificateFile conf/trustedCA.cer

  <Location /yourApp/loginCert>
    # Cipher string as posted. Note that +LOW, +EXP, +eNULL and +SSLv2 also
    # admit weak, export and null ciphers; a current deployment would exclude
    # them (e.g. HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5)
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # valid values are none, optional, require, optional_no_ca ("required" is rejected)
    SSLVerifyClient require
    SSLVerifyDepth 10
    # +ExportCertData puts the client certificate PEM into SSL_CLIENT_CERT for PHP
    SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
  </Location>
</VirtualHost>
```

Hope this helps,

Upvotes: 2
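The PHP side that the question asks about, as an added example that is not part of the question or the answer: once mod_ssl has verified the client certificate for the `<Location>`, it exposes the result to PHP through `$_SERVER`, and the script only has to bind that identity to a local account. The user table, its constructed issuer/serial values, the function name and the redirect target are assumptions.

```php
<?php
// Added example (not code from the question or the answer). Handler for the
// /yourApp/loginCert location: mod_ssl has already validated the chain against
// SSLCACertificateFile; PHP only reads what SSLOptions +StdEnvVars
// +ExportCertData placed in the environment.

// Hypothetical user store (constructed values): maps issuer DN + certificate
// serial to a local account. Keying on issuer and serial rather than the
// subject CN alone means two certificates with the same name are not confused.
const KNOWN_CERTS = [
    'CN=Example Internal CA,O=Example Corp|1A2B3C' => 'alice',
];

/** Return the local username bound to the presented client certificate, or null. */
function clientCertUser(array $server): ?string
{
    // SSL_CLIENT_VERIFY is SUCCESS only when the chain validated; with
    // SSLVerifyClient optional it can also be NONE or FAILED:<reason>.
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') {
        return null;
    }
    // +ExportCertData exports the PEM as SSL_CLIENT_CERT; parse it so we know
    // a real certificate was presented and not an empty value.
    $pem  = $server['SSL_CLIENT_CERT'] ?? '';
    $cert = $pem !== '' ? openssl_x509_parse($pem) : false;
    if ($cert === false) {
        return null;
    }
    // The issuer DN string format depends on the Apache version
    // (LegacyDNStringFormat), so key on whatever this server emits.
    $key = ($server['SSL_CLIENT_I_DN'] ?? '') . '|'
         . strtoupper($server['SSL_CLIENT_M_SERIAL'] ?? '');
    return KNOWN_CERTS[$key] ?? null;
}

$user = clientCertUser($_SERVER);
if ($user === null) {
    http_response_code(403);
    exit('A client certificate issued by the site CA is required.');
}
session_start();
session_regenerate_id(true);          // fresh session id once authenticated
$_SESSION['user']     = $user;
$_SESSION['auth_via'] = 'client-cert';
header('Location: /whatever/edit/');  // the protected area from the question
exit;
```

The rest of the application then checks `$_SESSION['auth_via']` for the certificate-only actions, so the TLS handshake is required only on the login location and not on every request.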
