How to bind a client certificate to login?

Discussion in 'Apache' started by andre_nn, Jun 29, 2010.

  1. #1
    httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi


    There is a site x.ru. Access to it is permitted only to those to whom I give a client certificate. Once a user has installed the client certificate in their browser, they open https://x.ru and get an authorization window. In this window they enter a name and password, which are tied to the client certificate. After successful authentication the site's page opens.

    If a person does not have a certificate, they do not receive a response from the server and cannot do anything.
    If a person has a certificate, but the authenticated name is not associated with the certificate, the authorization is rejected.

    A person can get access to the site only if they have a client certificate and authorization succeeds with an account that is tied to the issued certificate.


    
    <Directory /path/to/secure/area/>
        SSLVerifyClient require
        SSLOptions +FakeBasicAuth
        AuthName "My secure area"
        AuthType Basic
        AuthUserFile /path/to/passwd/file
        require valid-user
    </Directory>
    
    Contents of the file /path/to/passwd/file:
    /C=RU/L=Msk/O=My Inc./CN=user/emailAddress=user@domain.ru:xxj31ZMTZzkVA 
    /C=RU/L=Sam/O=My LTD./CN=vas/emailAddress=vas@domain.ru:xxj31ZMTZzkVA 
    /C=RU/L=Zel/O=My LLC./CN=prs/emailAddress=prs@domain.ru:xxj31ZMTZzkVA 
    
    The password is always the string "xxj31ZMTZzkVA", which is the result of encrypting the string "Password" with the DES algorithm.

    The result is a prompt for the password, but authorization fails (((
     
    andre_nn, Jun 29, 2010
  2. andre_nn

    #2
    "error.log"
    [Tue Jun 29 20:13:05 2010] [error] [client 127.0.0.1] user /C=RU/ST=-/L=Moscow/O=bugzilla.ru/OU=SVN/CN=stellar/emailAddress=stellar@reki.ru not found: /

    "httpd-ssl.conf"
    SSLVerifyClient require
    SSLOptions +FakeBasicAuth
    AuthName "My secret"
    AuthType Basic
    AuthUserFile "c:/site/ssl/p"
    require valid-user
     
    andre_nn, Jun 29, 2010
  3. andre_nn

    #3
    "httpd-ssl.conf"
    
    Require valid-user

    or

    Require user 123

    The result is a prompt for the password, but authorization fails (((
     
    andre_nn, Jun 29, 2010
  4. andre_nn

    #4
    [Tue Jun 29 20:13:05 2010] [error] [client 127.0.0.1] user /C=RU/ST=-/L=Moscow/O=bugzilla.ru/OU=SVN/CN=stellar/emailAddress=stellar@reki.ru not found: /


    Why is this name used? Where does Apache take it from?

    I ran the command
    "htpasswd -c passwd andre"
    user - "andre"
    password - "1"


    HELP!!!! ((((
     
    andre_nn, Jun 30, 2010
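
Added example, not part of the original thread: with `SSLOptions +FakeBasicAuth`, mod_ssl uses the client certificate's subject DN as the Basic-auth user name, so the name in the `not found` log line has to appear verbatim in `AuthUserFile`. The Python below extracts those names from `error.log` and lists the lines missing from the password file, reusing the hash quoted in the first post; the function names, the `andre` entry and its placeholder hash are constructed for illustration.

```python
import re

# Hash quoted in the first post as the fixed FakeBasicAuth password hash.
FAKE_BASIC_HASH = "xxj31ZMTZzkVA"

# Apache 2.2 error.log shape seen in the thread: "user <name> not found: <uri>"
NOT_FOUND = re.compile(
    r"\[error\] \[client [^\]]+\] user (?P<user>.+?) not found: \S+")

def passwd_users(passwd_text):
    """User names in an AuthUserFile; a name ends at the first colon."""
    users = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.append(line.split(":", 1)[0])
    return users

def rejected_names(log_text):
    """Distinct names Apache looked up and did not find, in log order."""
    seen = []
    for match in NOT_FOUND.finditer(log_text):
        if match.group("user") not in seen:
            seen.append(match.group("user"))
    return seen

def diagnose(log_text, passwd_text):
    """Compare looked-up names with the file and propose the missing lines."""
    known = passwd_users(passwd_text)
    missing = [name for name in rejected_names(log_text) if name not in known]
    return {
        "missing": missing,
        "lines_to_add": [f"{name}:{FAKE_BASIC_HASH}" for name in missing],
        # A plain name (no leading "/") never equals a certificate subject DN.
        "non_dn_entries": [name for name in known if not name.startswith("/")],
    }

# Constructed sample input built from values shown in the thread.
STELLAR_DN = ("/C=RU/ST=-/L=Moscow/O=bugzilla.ru/OU=SVN/CN=stellar"
              "/emailAddress=stellar@reki.ru")
SAMPLE_LOG = ("[Tue Jun 29 20:13:05 2010] [error] [client 127.0.0.1] "
              f"user {STELLAR_DN} not found: /\n")
SAMPLE_PASSWD = (
    f"/C=RU/L=Msk/O=My Inc./CN=user/emailAddress=user@domain.ru:{FAKE_BASIC_HASH}\n"
    "andre:CONSTRUCTED-PLACEHOLDER-HASH\n")

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG, SAMPLE_PASSWD).items():
        print(f"{key}: {value}")
```

Appending each string from `lines_to_add` to the file named by `AuthUserFile` gives the looked-up DN an entry; names reported under `non_dn_entries` are never matched when the user name comes from the certificate.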