If you create your own self-signed user certificates (with your own CA), you can easily edit the httpd.conf of your IBM HTTP Server to use these certificates for restricted access.
After adding a proper CA root cert (see this post),
open the httpd.conf and edit (one of) your virtual host(s):
<VirtualHost <ip-address>:<port>>
    ServerName <server name>
    SSLEnable
    # 2 = a valid client certificate is required
    SSLClientAuth 2
    SSLServerCert <ssl server cert>
    <Directory "/">
        Options Indexes MultiViews
        Order allow,deny
        Allow from all
        SSLClientAuthRequire <your ca root dn>
    </Directory>
    # Pass the TLS details on as request headers; "set" overwrites any
    # header of the same name that the client sent itself.
    RequestHeader set HTTPS %{HTTPS}e
    RequestHeader set SSL_CIPHER %{SSL_CIPHER}e
    RequestHeader set SSL_CLIENT_CN %{SSL_CLIENT_CN}e
    RequestHeader set SSL_CLIENT_DN %{SSL_CLIENT_DN}e
    DocumentRoot /usr/IBM/HTTPServer/www-doc-root2/
</VirtualHost>
Add SSLClientAuth 2 to require client authentication.
Add SSLClientAuthRequire <your ca root dn> to a directory (/ for all directories).
Example: SSLClientAuthRequire o="ibm.com"
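The RequestHeader lines above hand the certificate details to whatever application sits behind the web server. The following is an added example (not part of the original post or of IBM's code) of how a Python WSGI backend could check those headers before trusting them. Assumptions: the proxy address 10.0.0.5, the comma-separated DN format, the function names, and that the HTTPS variable is forwarded as "ON".

```python
import re

# Assumption: address of the IBM HTTP Server that fronts this application.
TRUSTED_PROXIES = {"10.0.0.5"}
REQUIRED_ORG = "ibm.com"  # same value as SSLClientAuthRequire o="ibm.com"


def parse_dn(dn):
    """Split 'CN=alice,O=ibm.com,C=US' into {'CN': [...], 'O': [...]}.

    Assumed format: comma-separated RDNs; commas inside a value are
    backslash-escaped. Raises ValueError on anything else.
    """
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, sep, value = rdn.strip().partition("=")
        if not sep or not key:
            raise ValueError("malformed RDN: %r" % rdn)
        value = re.sub(r"\\(.)", r"\1", value.strip())
        attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs


def client_identity(environ):
    """Return the client CN, or None if the request must be rejected."""
    # The headers only mean something when the web server itself sent them;
    # a client that reaches the backend directly can set them to anything.
    if environ.get("REMOTE_ADDR") not in TRUSTED_PROXIES:
        return None
    if environ.get("HTTP_HTTPS", "").upper() != "ON":
        return None
    dn = environ.get("HTTP_SSL_CLIENT_DN", "")
    cn = environ.get("HTTP_SSL_CLIENT_CN", "")
    if not dn or not cn:
        return None
    try:
        attrs = parse_dn(dn)  # an unset variable arrives as "(null)" and fails here
    except ValueError:
        return None
    # Re-check the organisation and make sure CN and DN agree.
    if REQUIRED_ORG not in attrs.get("O", []):
        return None
    if cn not in attrs.get("CN", []):
        return None
    return cn
```

The backend should only be reachable from the web server; the REMOTE_ADDR check is a second line of defence, not a replacement for that network restriction.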
Friday, January 2, 2009