我在本地服务器上运行 Apache 实例,并希望要求用户名和相应的证书来对 Subversion 存储库的用户进行身份验证/授权。这是我当前的服务器配置:我需要哪些指令来要求用户名?
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerSignature On
SSLEngine on
SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt
SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key
SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt
SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt
SSLVerifyClient optional
SSLVerifyDepth 2
<Location /repo>
DAV svn
SVNPath /srv/repos/svn/insec
SSLRequireSSL
AuthzSVNAccessFile /srv/repos/svn/insec/conf/authz
AuthType Basic
AuthName "Subversion repository"
Require valid-user
</Location>
</VirtualHost>
编辑:添加了 SSLCertificateChainFile,以便客户端可以获得 ca 证书(如果尚未安装)。
编辑2:最后一件事:如何将特定证书与用户名匹配?
答案1
好的,我现在可以工作了,为了进一步参考我的配置:
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerSignature On
SSLEngine on
SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt
SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key
SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt
SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt
SSLVerifyClient optional
SSLVerifyDepth 2
SSLUserName SSL_CLIENT_S_DN_CN # that line tells apache to use the common name of the client certificate as the username, that's what i was still missing.
<Location /repo>
DAV svn
SVNPath /path/to/repo/
SSLRequireSSL
AuthzSVNAccessFile /path/to/repo/conf/authz
</Location>
</VirtualHost>