如何使用Apache进行客户端证书认证
问题很明确,但我没有在线找到任何有用的教程.所以我希望我能在这里有幸.
The question is very clear but I did not find any useful tutorial online. So I wish I could have some luck here.
基本上,我想使用Apache构建客户端证书身份验证.我为托管站点为Apache配置了conf文件.我放入的conf在这里:
Basically, I want to build a client certificate authentication with Apache. I configured the conf file for Apache for the site I am hosting. The conf I put is here:
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/apache2/ssl/client.crt
但是我不知道如何为客户端生成证书和密钥文件.而且,我应该在Apache服务器配置中的SSLCACertificateFile上放什么文件?
However I have no idea how to generate the certificate and key file for the client. And also, what file should I put on the SSLCACertificateFile in the Apache server configurations?
服务器是否只是将客户端发送的证书文件与服务器上的证书文件进行比较?客户端证书身份验证到底在做什么?
Does the server simply compare the certificate file sent from client with the certificate file on the server? What exactly the client certificate authentication is doing ?
您将在此处找到有关如何创建CA证书以及由该CA证书签名的证书的说明: http://pages.cs.wisc.edu/~zmiller/ca-howto/
You'll find instructions on how to create a CA cert and certs signed by this CA cert here: http://pages.cs.wisc.edu/~zmiller/ca-howto/
事情是这样的:
- 您设置根CA密钥和证书
- 客户端生成其私钥和证书请求
- 他们向您发送证书请求
- 您使用证书请求,根CA证书和根CA密钥生成证书
- 您将证书退还给客户
然后您可以检查客户端是否提供了由CA签名"的证书.
You can then check that the client presents a certificate which is "signed" by the CA.