Go to English page

ViaThinkSoft CodeLib

Dieser Artikel befindet sich in der Kategorie:
CodeLibHowTosApache

CodeLib Apache: How to query for client TLS certificate
<Directory /srv/www/secretarea>
        SSLVerifyClient optional
        SSLVerifyDepth 5

        # You can limit the CA with these directives, e.g. only allowing StartCom:
        SSLCACertificateFile /etc/ca/startcom/startcom.crt
        SSLCACertificatePath /etc/ca/startcom/

        SSLOptions +OptRenegotiate +FakeBasicAuth
        SSLRequireSSL

        # Important: Only allow certificiates which do meet the following requirements:
        SSLRequire \
                (%{SSL_CLIENT_S_DN_Email} eq "smith@example.com") || \
                (%{SSL_CLIENT_S_DN_Email} eq "miller@example.com") || \
                (%{SSL_CLIENT_S_DN_Email} eq "foobar@example.net")
</Directory>
Daniel Marschall
ViaThinkSoft Mitbegründer
Autor: Daniel Marschall
Datum: 26. Februar 2012
Gelesen: 22.301 Mal