What should have been a simple assignment turned out to be a hair-pulling endeavour. The ultimate goal was to read the client side certificate data in PHP. I am by no means a system administrator. And the SSL part will probably be done by somebody more experienced. And the certificates will be signed by real CAs. But for developing locally I need something functioning.
So I spent the last hours trying to get client side certificates working. With absolutely no luck. I found a bunch of posts by doing Google searches. But none of them seem to offer the proper information for creating good client side certificates. Creating the CA and the server certificate is no problem at all. But creating a client side certificate seems impossible. Some of the posts I tried:
You would have thought that something like this would have been documented pretty well by now. But no luck for me. This only resulted in
So after almost giving up I found the CA.sh script hidden in /usr/lib/ssl/misc. This little sucker seems to do the job pretty well. Creating a CA, server certificate and client side certificate is extremely easy. So I settled for that.
Creating the CA
$ cd /usr/lib/ssl/misc
$ ./CA.sh -newca
And fill out some basic certificate data
Creating the server certificates
$ ./CA.sh -newreq
Fill out the same basic certificate data
Sign the sucker
$ ./CA.sh -sign
The only thing left to do is creating the client side certificate
$ openssl pkcs12 -export -in newcert.pem -inkey newkey.key -out username.p12 -name "Client Certificate"
Time to configure Apache2. I used the standard default-ssl virtual host and just reconfigured it
$ /etc/init.d/apache2 restart
The server side is ready. But it is still impossible to connect at this moment. We need to install the client certificate inside Firefox
Edit > Preferences > Advanced > View Certificates
Choose import and browse to the newly created *.p12 certificate file.
Now I can finally connect based on my client side certificate and read the pieces of data I was looking for. Which can easily be found by doing
Some of the stuff I was looking for
Now it’s time for the fun part.
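Added example, not code from the original post: one way to read the client certificate fields in PHP while only trusting them after Apache has verified the certificate. It assumes mod_ssl with "SSLOptions +StdEnvVars" so the SSL_CLIENT_* variables are exported; the helper name client_identity and the sample values are made up for illustration.

```php
<?php
// Added example. Assumes Apache mod_ssl with "SSLOptions +StdEnvVars", which
// exports the SSL_CLIENT_* variables read below into $_SERVER.

/**
 * Hypothetical helper: return the verified client identity, or null when no
 * certificate was presented or mod_ssl did not validate it.
 */
function client_identity(array $server): ?array
{
    // SSL_CLIENT_VERIFY is NONE, SUCCESS, GENEROUS or FAILED:reason. Only
    // SUCCESS means the chain validated against the configured CA; with
    // "SSLVerifyClient optional" the other values reach PHP too.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $map = [
        'subject_dn'  => 'SSL_CLIENT_S_DN',
        'common_name' => 'SSL_CLIENT_S_DN_CN',
        'issuer_dn'   => 'SSL_CLIENT_I_DN',
        'serial'      => 'SSL_CLIENT_M_SERIAL',
        'not_after'   => 'SSL_CLIENT_V_END',
    ];
    $id = [];
    foreach ($map as $name => $var) {
        $id[$name] = $server[$var] ?? null;
    }
    // A CN is only unique within one CA, so key accounts on issuer + serial.
    if ($id['issuer_dn'] === null || $id['serial'] === null) {
        return null;
    }
    $id['account_key'] = hash('sha256', $id['issuer_dn'] . "\n" . $id['serial']);
    return $id;
}

// Constructed sample values (not from a real certificate), used on the CLI.
$sample = [
    'SSL_CLIENT_VERIFY'   => 'SUCCESS',
    'SSL_CLIENT_S_DN'     => 'CN=username,O=Example Dev,C=NL',
    'SSL_CLIENT_S_DN_CN'  => 'username',
    'SSL_CLIENT_I_DN'     => 'CN=Local Test CA,O=Example Dev,C=NL',
    'SSL_CLIENT_M_SERIAL' => '01',
    'SSL_CLIENT_V_END'    => 'Jan  1 00:00:00 2030 GMT',
];
$env = PHP_SAPI === 'cli' ? $sample : $_SERVER;
print_r(client_identity($env));
var_dump(client_identity(['SSL_CLIENT_VERIFY' => 'NONE'] + $sample));
```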