如何使用 apache 来要求用户名+证书?

如何使用 apache 来要求用户名+证书?

我在本地服务器上运行 Apache 实例,并希望要求用户名和相应的证书来对 Subversion 存储库的用户进行身份验证/授权。这是我当前的服务器配置:我需要哪些指令来要求用户名?

<VirtualHost *:443>
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www
    ServerSignature On
    SSLEngine on
    SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt
    SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key
    SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt
    SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt
    SSLVerifyClient optional
    SSLVerifyDepth 2

    <Location /repo>
        DAV svn
        SVNPath /srv/repos/svn/insec
        SSLRequireSSL
        AuthzSVNAccessFile /srv/repos/svn/insec/conf/authz
        AuthType Basic
        AuthName "Subversion repository"
        Require valid-user
    </Location>
</VirtualHost>

编辑:添加了 SSLCertificateChainFile,以便客户端可以获得 ca 证书(如果尚未安装)。
编辑2:最后一件事:如何将特定证书与用户名匹配?

答案1

好的,我现在可以工作了,为了进一步参考我的配置:

<VirtualHost *:443>
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www
    ServerSignature On
    SSLEngine on
    SSLCertificateFile /opt/ssl/ServerCA/server/certs/ServerWeb.crt
    SSLCertificateKeyFile /opt/ssl/ServerCA/server/keys/ServerWeb.key
    SSLCACertificateFile /opt/ssl/ServerCA/CA/ServerCA.crt
    SSLCertificateChainFile /opt/ssl/ServerCA/CA/ServerCA.crt
    SSLVerifyClient optional
    SSLVerifyDepth 2
    SSLUserName SSL_CLIENT_S_DN_CN # that line tells apache to use the common name of the client certificate as the username, that's what i was still missing.

    <Location /repo>
        DAV svn
        SVNPath /path/to/repo/
        SSLRequireSSL
        AuthzSVNAccessFile /path/to/repo/conf/authz
    </Location>
</VirtualHost>

相关内容