Howdy,
There are many guides online for setting up client-based SSL for websites.
One of the best I've seen so far is dwheeler.com/essays/apache-cac-configuration.html
Now my question is this, and I am sure it is something simple.. How do I set up a server to grant access on a per-file basis, depending on the CN of the client?
If CN=kevinds how can I only allow access to secure.example.com/kevinds.html? CN=tuttle secure.example.com/tuttle.html but not have CN=tuttle access secure.example.com/kevinds.html
Per directory is ok if I have to, secure.example.com/kevinds/kevinds.html but would prefer to keep all files in the same directory..
I keep finding examples on how to allow any client signed by the CA access to all files.. Which works if there was only one certificate accessing the server.
Code:
```
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName secure.example.com
    SSLRequireSSL
    ## I have a feeling I should be putting the SSLCertificate lines under the NameVirtualHost rather than VirtualHost?
    SSLCertificateFile [Filename for server certificate]
    SSLCertificateKeyFile [Filename for server certificate private key]
    SSLCertificateChainFile [Filename for root chain certificate]
    DocumentRoot /var/www/vhosts/secure
    SSLOptions +FakeBasicAuth "%{SSL_CLIENT_S_DN_CN}" +StrictRequire
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    SSLVerifyClient require
    ## Will have to test but 10 should be sufficient to start?
    SSLVerifyDepth 10
    SSLCACertificateFile [Same file as SSLCertificateChainFile ? Is this needed?]
    ## This next part is the part I believe I have to tweak?? This allows everyone with a cert access rather than just the user to their specific file
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile /var/www/vhosts/secure.txt
    Require valid-user
</VirtualHost>
```
Am I close? Way off? Been at this for a few hours.. Feel like I am close now, but still far enough off that I need to ask for help.
> Minor Issue: Anybody know how to change my profile to TechnicalUser? lol I don't see a way yet to edit this..
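
Added example, not part of the original post: one way to express the per-file restriction asked about above, with a default deny on the directory and one rule per file keyed on the certificate's subject CN. It assumes Apache httpd 2.4 with mod_ssl (`Require expr` is 2.4 syntax), and the certificate and key paths are placeholders.

```apache
# Added example: assumes Apache httpd 2.4 + mod_ssl; all file paths are placeholders.
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot /var/www/vhosts/secure

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Only the CA that issues the client certificates belongs in this file:
    # any CA listed here can issue a certificate carrying CN=kevinds.
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient require
    # Depth 1 assumes client certificates are signed directly by that CA;
    # raise it only if intermediate CAs sit in between.
    SSLVerifyDepth 1

    <Directory "/var/www/vhosts/secure">
        # Default deny: a file without its own rule below is not served,
        # even to a client that presents a valid certificate.
        Require all denied

        # Each file is readable only by the certificate whose subject CN matches.
        <Files "kevinds.html">
            Require expr "%{SSL_CLIENT_S_DN_CN} == 'kevinds'"
        </Files>
        <Files "tuttle.html">
            Require expr "%{SSL_CLIENT_S_DN_CN} == 'tuttle'"
        </Files>
    </Directory>
</VirtualHost>
```

`+FakeBasicAuth` and the `AuthUserFile` are not needed for this approach; FakeBasicAuth maps the certificate's whole subject DN, not just the CN, to the Basic-auth user name.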