esakazmi 0 Newbie Poster

Hi,

I am using http version 2.2.3 and have configured SSL and a client certificate on it. But when I access the domain over https, it also connects from machines on which the client certificate is not installed.

So can anyone guide me step by step to generate an SSL server certificate and a client certificate?

I followed the steps below.

Step one - create the key and request:

openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key

How do I create a client certificate?

Step one - create a CA certificate/key pair, as above.


openssl req -new > client.cert.csr
openssl rsa -in privkey.pem -out my.CA.key
openssl x509 -in client.cert.csr -out my.CA.cert -req -signkey my.CA.key -days 365

openssl req -new > my.CA.csr
openssl rsa -in privkeyCA.pem -out my.CA.key

Step two - sign the client request with the CA key:

openssl x509 -req -in client.cert.csr -out client.cert.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - issue the file 'client.cert.cert' to the requester.

The Apache-SSL directives that you need to validate against this cert are:

SSLCACertificateFile /path/to/certs/my.CA.cert
SSLVerifyClient 2

My httpd.conf settings:

<VirtualHost 10.10.100.29:80>
ServerAdmin XXXXX@gmail.com
DocumentRoot /var/www/html/test
ServerName testnew.XXX.com
DirectoryIndex index.php
SSLEngine on
SSLCertificateFile /root/new.cert.cert
SSLCertificateKeyFile /root/new.cert.key
SSLCACertificateFile /root/client/my.CA.cert
SSLVerifyClient on
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
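
Added example, not part of the original post: a shell sketch of the CA-based flow the steps above aim at, where the CA certificate is the only self-signed one and the server and client certificates are signed with -CA/-CAkey, followed by a check that a self-signed certificate carrying the client's name does not chain to the CA. All subject names and file names (demo-ca, demo-server, demo-client, selfsigned.crt) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All names (demo-ca, demo-server, demo-client, file names)
# are constructed for illustration and are not from the original post.

# Build a throwaway CA plus CA-signed server and client certificates in $1.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # CA: private key and self-signed root certificate (the only self-signed one).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    for name in server client; do
        # Each end entity gets its own key and CSR ...
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
            -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
        # ... and the CA signs the CSR (-CA/-CAkey, no -signkey).
        openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -out "$name.crt" 2>/dev/null || exit 1
    done
    # A self-signed certificate reusing the client's name, for the negative check.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-client" \
        -keyout selfsigned.key -out selfsigned.crt 2>/dev/null || exit 1
)

# Succeeds only if certificate $2 chains to the CA certificate $1.
issued_by_ca() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1)
    case $out in
        *error*) return 1 ;;
        *": OK") return 0 ;;
    esac
    return 1
}

# Stand-alone demonstration in a temporary directory.
demo_dir=$(mktemp -d)
make_pki "$demo_dir"
for crt in server client selfsigned; do
    if issued_by_ca "$demo_dir/ca.crt" "$demo_dir/$crt.crt"; then
        echo "$crt.crt: issued by demo-ca"
    else
        echo "$crt.crt: NOT issued by demo-ca"
    fi
done
rm -rf "$demo_dir"
```

In mod_ssl, SSLCACertificateFile would point at ca.crt, and a client certificate is demanded only when SSLVerifyClient is set to require; the values mod_ssl accepts are none, optional, require and optional_no_ca.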
