RE: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-03 Thread Jose Correia (J)

Hi Vadim

The patch allows for both certificate and basic authentication. 

Check http://authzldap.othello.ch/howto.html for two examples on how
to use it. Do be aware that at the moment it's only meant for Apache
1.3.x. I did see a posting by the author himself on this list
yesterday, saying he was adding support for Apache 2 fairly soon.

W.r.t : "What kind of LDAP lookup works best with
X509_NAME_oneline()-style names?"
do check the howto's. The certificate authentication can be done
against the certificate subject or serial number.

W.r.t: "Should the LDAP tree be somewhat special?"
It does have to implement a few objects as shown in the howto but it's
fairly simple.

I used Openldap as my ldap server and it worked nicely.

Cheers
Jose


-----Original Message-----
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: 02 October 2002 17:41
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.0.39 + ssl + ldap with client certificate
authentication


Hi Jose,

would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style
names?
Should the LDAP tree be somewhat special?

thank you and sorry for off-topic,
Vadim

On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
> Hi Sarah
>  
> Take a look at http://authzldap.othello.ch/index.html
>  
> I've used it successfully.
>  
> Cheers
> Jose
>  
> 
> -----Original Message-----
> From: Sarath Chandra M [mailto:[EMAIL PROTECTED]]
> Sent: 29 September 2002 11:17
> To: [EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
> 
> 
>  
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache
> 2.0.39 ssl server ?
> 
> Our environment is :
> RedHat linux 7.1 kernel 2.4.x
> apache 2.0.39 (inc. mod_ssl)
> openssl-engine-0.9.6g
> openldap (on a different redhat linux server)
> 
> The apache website has a verisign server certificate, a self-signed CA
> certificate and all clients have
> certificates in the ldap server signed by this CA.
> 
> When clients present their certificate to browse the Apache secure
> site,
> Apache should check the
> existence of their certificate in the LDAP server and also the
> validity of
> the contents of the certificate presented.
> 
> Kindly provide some direction to any solution or resources related to
> this
> issue.
> 
> Any help would be highly appreciated.
> 
> TIA
> Sarath
> 
> 
> 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
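
Added example, not part of any post in this thread and not code from the authzldap module: one way to turn an X509_NAME_oneline()-style subject into an LDAP DN string and a safely escaped search filter, which is the lookup question raised above. It assumes single-valued RDNs with printable values; the attribute name `exampleCertSubject` and the sample subject are hypothetical.

```python
import re

# X509_NAME_oneline() output looks like "/C=CH/O=Example/CN=Alice".
# Split only at "/TYPE=" boundaries so a "/" inside a value stays in that value.
# A value that itself contains "/TYPE=" cannot be told apart from a real RDN,
# so treat the parsed result as untrusted input.
_RDN_START = re.compile(r"/([A-Za-z][A-Za-z0-9.]*)=")

def parse_oneline(name):
    """Return [(type, value), ...] in certificate order."""
    marks = list(_RDN_START.finditer(name))
    if not marks or marks[0].start() != 0:
        raise ValueError("not a oneline name: %r" % name)
    rdns = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(name)
        rdns.append((m.group(1), name[m.end():end]))
    return rdns

def escape_dn_value(value):
    """Escape one attribute value for an RFC 4514 DN string."""
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def to_ldap_dn(name):
    """oneline name -> LDAP DN string (RDN order reversed, per RFC 4514)."""
    return ",".join("%s=%s" % (t, escape_dn_value(v))
                    for t, v in reversed(parse_oneline(name)))

def escape_filter_value(value):
    """Escape a value for an RFC 4515 search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def subject_filter(name, attr="exampleCertSubject"):
    """Equality filter on a hypothetical attribute holding the oneline subject."""
    parse_oneline(name)  # reject strings that are not oneline names
    return "(%s=%s)" % (attr, escape_filter_value(name))

if __name__ == "__main__":
    subject = "/C=CH/O=Example, Inc./OU=R/D/CN=Alice (test)*"  # constructed sample
    print(to_ldap_dn(subject))
    print(subject_filter(subject))
```

Escaping matters here because the subject comes from the client's certificate: without it, characters such as `*`, `(` or `)` in a CN would change the meaning of the search filter.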



RE: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-02 Thread Andreas Mueller

On Wed, 2 Oct 2002, Sarath Chandra M wrote:
> Dear Jose,
> I had looked at the site u mentioned. But my problem is in applying the
> patch (http://authzldap.othello.ch/modssl-patch.html) to mod_ssl
> as said in the installation page of the same site.
> If you could tell me how to apply this patch, then I can go ahead and
> try.
I'm right now working on a new release of the module that is supposed
to support apache2, hopefully I'll get that out of the door
today or tomorrow.

With warm regards

Andreas Mueller

--
Dr. Andreas Mueller, Beratung und Entwicklung
CH-8852 Altendorf Switzerland
Tel: +41 55 4621483   Fax: +41 55 4621485
[EMAIL PROTECTED]






Re: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-02 Thread Vadim Fedukovich

Hi Jose,

would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style names?
Should the LDAP tree be somewhat special?

thank you and sorry for off-topic,
Vadim

On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
> Hi Sarah
>  
> Take a look at http://authzldap.othello.ch/index.html
>  
> I've used it successfully.
>  
> Cheers
> Jose
>  
> 
> -----Original Message-----
> From: Sarath Chandra M [mailto:[EMAIL PROTECTED]]
> Sent: 29 September 2002 11:17
> To: [EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
> 
> 
>  
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache
> 2.0.39 ssl server ?
> 
> Our environment is :
> RedHat linux 7.1 kernel 2.4.x
> apache 2.0.39 (inc. mod_ssl)
> openssl-engine-0.9.6g
> openldap (on a different redhat linux server)
> 
> The apache website has a verisign server certificate, a self-signed CA
> certificate and all clients have
> certificates in the ldap server signed by this CA.
> 
> When clients present their certificate to browse the Apache secure
> site,
> Apache should check the
> existence of their certificate in the LDAP server and also the
> validity of
> the contents of the certificate presented.
> 
> Kindly provide some direction to any solution or resources related to
> this
> issue.
> 
> Any help would be highly appreciated.
> 
> TIA
> Sarath
> 
> 
> 




Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-09-29 Thread Sarath Chandra M



 
Dear group,
Has anybody tried doing ldap client certificate authentication for an apache
2.0.39 ssl server ?

Our environment is :
RedHat linux 7.1 kernel 2.4.x
apache 2.0.39 (inc. mod_ssl)
openssl-engine-0.9.6g
openldap (on a different redhat linux server)

The apache website has a verisign server certificate, a self-signed CA
certificate and all clients have
certificates in the ldap server signed by this CA.

When clients present their certificate to browse the Apache secure site,
Apache should check the existence of their certificate in the LDAP server
and also the validity of the contents of the certificate presented.

Kindly provide some direction to any solution or resources related to this
issue.

Any help would be highly appreciated.

TIA
Sarath