Client side Certificates
Client side certificates requires a digital certificate to be installed prior to making a connection to the web server. I've been using this configuration to provide one additional layer of security for my mh configuration.
To gain access to my mh reverse-proxied website, you need both the url, webserver credentials, and a loaded certificate. I've tested this in safari, firefox and ie.
The primer that I used to configure all the settings can be found here: Client Side Certificate Authentication with Apache
My httpd.conf looks like this:
DocumentRoot /data/www/secure_mh_root
ErrorLog /var/log/httpd/secure_mh_root_error_log
ServerName secureserver.somewhere.com
ServerSignature email
TransferLog /var/log/httpd/secure_mh_root_access_log

SSLEngine on
SSLCACertificateFile /etc/ssl/httpd/ca/ca.crt
SSLCertificateFile /etc/ssl/httpd/secure.crt
SSLCertificateKeyFile /etc/ssl/httpd/secure.key
Options all
AllowOverride All
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 10

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 10

ProxyRequests Off

Allow from all
Options +ExecCGI
SetOutputFilter proxy-html
ProxyPass http://house:80/
ProxyPassReverse http://house:80/
ProxyHTMLURLMap http://house:80 /mh
ProxyHTMLURLMap / /mh/
RequestHeader unset Accept-Encoding
This has been working great for me for the last two years or so. If anyone has any questions, let me know. hplato <@> gmail . com
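
An added check, not part of the original page: client verification only protects the proxied site if `SSLVerifyClient require` is in effect for the section that carries `ProxyPass`, with a CA configured to verify against. The Python sketch below audits a config for that; the container tags and the `/mh/` path in the constructed samples are assumptions, and the parser is a simplified model of Apache's section inheritance.

```python
# Constructed samples; the container tags and the /mh/ path are assumptions.
BASE = """<VirtualHost *:443>
SSLEngine on
SSLCACertificateFile /etc/ssl/httpd/ca/ca.crt
<Directory /data/www/secure_mh_root>
SSLVerifyClient require
</Directory>
<Location /mh/>
%s
ProxyPass http://house:80/
ProxyPassReverse http://house:80/
</Location>
</VirtualHost>
"""
WEAK = BASE % "# no client verification on the proxied path"
FIXED = BASE % "SSLVerifyClient require"

def audit(conf):
    """List proxied sections not covered by SSLVerifyClient require and a CA."""
    root = {"name": "server", "parent": None, "d": {}}
    scopes, cur = [root], root
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            cur = cur["parent"] or root          # leave the section
        elif line.startswith("<"):
            cur = {"name": line.strip("<>"), "parent": cur, "d": {}}
            scopes.append(cur)                   # enter a nested section
        else:
            key, _, val = line.partition(" ")
            cur["d"][key.lower()] = val.strip()
    def effective(scope, key):
        # Walk outward through enclosing scopes only. Sibling <Directory>
        # blocks are skipped: they match filesystem paths, not proxied URLs.
        while scope:
            if key in scope["d"]:
                return scope["d"][key]
            scope = scope["parent"]
        return None
    findings = []
    for s in (s for s in scopes if "proxypass" in s["d"]):
        if (effective(s, "sslverifyclient") or "none").lower() != "require":
            findings.append(f"{s['name']}: proxied without SSLVerifyClient require")
        if not (effective(s, "sslcacertificatefile") or effective(s, "sslcacertificatepath")):
            findings.append(f"{s['name']}: no CA to verify client certificates against")
    return findings

if __name__ == "__main__": print(audit(WEAK), audit(FIXED))
```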