httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject [users@httpd] mod_ssl, client certificates and r->username
Date Fri, 21 Jan 2011 10:24:54 GMT
Hi all

Apache/2.2.17 (FreeBSD)

I'm trying to use client certificates to authenticate my few users. I
created a self-signed CA, server certificates and user certificates,
and installed them in the appropriate places. I then created a vhost:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/ketbun/
    SSLCertificateKeyFile /etc/ssl/ketbun/
    SSLCACertificateFile /etc/ssl/ketbun/ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCARevocationFile /etc/ssl/ketbun/ca.crl
    SSLOptions +FakeBasicAuth +StdEnvVars
    RequestHeader set X-Username %{SSL_CLIENT_S_DN_Email}s

This all works nicely, and users can only access if they have been
issued with keys/certificates and installed them in their browser.
However, I can't seem to get any of these details to be logged.

Without creating phony .htpasswd files listing all my users with dummy
passwords, is there any way to extract an attribute from the client
certificate's DN and use that to populate r->username? FakeBasicAuth
doesn't seem to want to do anything without the dummy .htpasswd, and
whilst I can pass the information easily enough to the webapps without
this (adding it as a request header), this doesn't help me get the
info into the access logs.

Any ideas?



The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message