chris+linuxchix at aptivate.org
Thu Jul 23 12:45:45 UTC 2009
Please, let's stay on the list so that others can benefit.
On Thu, 23 Jul 2009, Wolf Rising wrote:
> Thank you so much for the response, would you happen to be aware of any
> online sites where I could find information on how to set this up?
> It seems the most secure way to go about things, or at least much better
> than the one we currently have in place :-)
Just follow the usual instructions for setting up a CA and generating
client certificates, but instead of generating a new RSA key, use the
existing one in ~/.ssh/id_rsa.
Some sample instructions are at [http://www.garex.net/apache/], but I
haven't tested them.
Convert each (client certificate and key) pair into a PKCS12 file, using
openssl pkcs12, and import it into the browser on that client.
Configure Apache to require certificate authentication for connecting to
those services that you want to protect, and place any necessary
restrictions on the DN of the certificate, as described on that site.
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES
Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
More information about the Techtalk