Configuring Client Authentication with Digital Certificates on Apache HTTP Server

Configure client authentication with digital certificates on the Apache HTTP server.

Procedure

  1. Open the APACHE_HOME/conf/extra/httpd-ssl.conf file in a text editor.
  2. Ensure that the following SSL directives are defined:
    SSL Directives

    | Parameter | Value |
    |---|---|
    | SSLCACertificatePath | Location of the directory containing the separate files for each certificate authority’s digital certificate. For example, /etc/apache2/ssl.crt. Set either the SSLCACertificatePath or the SSLCACertificateFile directive, not both. |
    | SSLCACertificateFile | Name and location of a single certificate file that contains all CA certificates. For example, /etc/apache2/ssl.crt/cacert-bundle.pem. Set either the SSLCACertificatePath or the SSLCACertificateFile directive, not both. |
    | SSLVerifyClient | require |
    | SSLVerifyDepth | 1 |
  3. Save the changes and close the file.
  4. Restart the Apache HTTP server, if already running.
  5. Test the configuration changes by importing a client certificate into the web browser. To do this, import into the browser a PKCS12 archive file that contains the client’s X.509 certificate, the corresponding private key, and the public certificates of all the CAs in the chain of trust. The client certificate in the archive file must be trusted by one of the CAs configured on the Apache HTTP server.
  6. Use one of the following browsers:
    • Firefox
    • Internet Explorer
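
Before restarting in step 4, the edited file can be checked against the values from step 2. The script below is an added example, not part of the original procedure or of Apache's tooling; the helper names directive_value and check_client_auth are hypothetical, the sample configs are constructed, and it assumes a single SSL block per file.

```shell
#!/bin/sh
# Added example: lint an httpd-ssl.conf against step 2 of the procedure.
# directive_value and check_client_auth are hypothetical helper names.

# Print the value of the last uncommented occurrence of directive $1 in file $2.
# Assumption: one SSL block per file. Apache directive names are case-insensitive.
directive_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == want { $1 = ""; gsub(/^[ \t]+|[ \t]+$|"/, ""); val = $0 }
        END { print val }' "$2"
}

# Return 0 only if the file matches the procedure: exactly one CA source,
# SSLVerifyClient require, SSLVerifyDepth 1.
check_client_auth() {
    conf=$1; rc=0
    ca_path=$(directive_value SSLCACertificatePath "$conf")
    ca_file=$(directive_value SSLCACertificateFile "$conf")
    verify=$(directive_value SSLVerifyClient "$conf" | tr 'A-Z' 'a-z')
    depth=$(directive_value SSLVerifyDepth "$conf")
    if [ -n "$ca_path" ] && [ -n "$ca_file" ]; then
        echo "FAIL: both SSLCACertificatePath and SSLCACertificateFile are set"; rc=1
    elif [ -z "$ca_path" ] && [ -z "$ca_file" ]; then
        echo "FAIL: no CA source set, client certificates cannot be verified"; rc=1
    fi
    if [ "$verify" != "require" ]; then
        echo "FAIL: SSLVerifyClient is '${verify:-unset}', expected 'require'"; rc=1
    fi
    if [ "$depth" != "1" ]; then
        echo "FAIL: SSLVerifyDepth is '${depth:-unset}', expected 1"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf matches the procedure"; fi
    return "$rc"
}

# Constructed sample configs (not from the original page).
demo=$(mktemp -d)
printf '%s\n' 'SSLCACertificateFile /etc/apache2/ssl.crt/cacert-bundle.pem' \
    'SSLVerifyClient require' 'SSLVerifyDepth 1' > "$demo/good.conf"
printf '%s\n' 'SSLCACertificatePath /etc/apache2/ssl.crt' \
    'SSLCACertificateFile /etc/apache2/ssl.crt/cacert-bundle.pem' \
    'SSLVerifyClient optional' '# SSLVerifyDepth 1' > "$demo/bad.conf"
check_client_auth "$demo/good.conf"
check_client_auth "$demo/bad.conf" || echo "bad.conf rejected as expected"
rm -rf "$demo"
```

For a real server, call check_client_auth with the path to APACHE_HOME/conf/extra/httpd-ssl.conf.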