PIVKey and Apache Server

https://pivkey.com/test/ is a directory on the PIVKey server that is configured to require client certificate authentication.  It is a handy way to test whether a PIVKey is working.

To enable client certificate authentication on a directory of your web site, you will need an SSL certificate for the server.  Then configure the virtual host as follows (comments in Apache configuration files start with #):

<VirtualHost _default_:443>
  DocumentRoot "/opt/apache2/htdocs/"
  SSLEngine on

  # server.crt contains the SSL certificate of the server itself, as seen in the padlock of the browser
  SSLCertificateFile "/opt/apache2/conf/server.crt"

  # server.key contains the private key of the server certificate above
  SSLCertificateKeyFile "/opt/apache2/conf/server.key"

  # server-ca.crt is a concatenated list of CA certificates trusted by the server for client authentication
  SSLCACertificateFile "/opt/apache2/conf/server-ca.crt"

  # +StdEnvVars is required only if you want access to the certificate fields
  # (the SSL_CLIENT_* variables) from CGI or PHP pages
  SSLOptions +StdEnvVars

  <Directory "/opt/apache2/htdocs/test/">
    # require client certificate authentication
    SSLVerifyClient require

    # maximum number of CA certificates (root + intermediate) allowed in the chain
    # when verifying the client certificate
    SSLVerifyDepth 3
  </Directory>
</VirtualHost>

If you want to use the default PIVKey client certificates, the server-ca.crt should contain both the root and intermediate certificates from Taglio. You can download the file from: http://ca.pivkey.com/
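As an added example (not code from the PIVKey article or from Taglio), the following POSIX shell script uses openssl to build a throwaway root / intermediate / client certificate chain, concatenates the CA certificates into a server-ca.crt bundle the way SSLCACertificateFile expects, and then shows what happens when the intermediate is missing from the bundle or the verify depth is too small. All subjects, file names and the scratch directory are constructed for the example; openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not from the PIVKey article or Taglio's tooling: build a throwaway
# root -> intermediate -> client certificate chain with openssl, concatenate the CA
# certificates into server-ca.crt the way SSLCACertificateFile expects, and check
# how an incomplete bundle or a too-small verify depth changes the outcome.
# Every name and subject below is constructed for the example.
set -e

# Create the toy PKI inside the scratch directory $1 (runs in a subshell so the
# cd does not leak into the caller).
make_toy_pki() (
  cd "$1"
  # Extension profiles. Issuing certificates must carry basicConstraints CA:true or
  # openssl refuses to use them as issuers; the client certificate is a plain
  # end-entity certificate marked for TLS client authentication.
  printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  printf 'basicConstraints=CA:false\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' > client.ext

  # 1. Self-signed root CA.
  openssl req -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
    -subj "/O=Example Test PKI/CN=Example Root CA" 2>/dev/null
  openssl x509 -req -in root.csr -signkey root.key -days 365 \
    -extfile ca.ext -out root.crt 2>/dev/null

  # 2. Intermediate (issuing) CA signed by the root.
  openssl req -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj "/O=Example Test PKI/CN=Example Issuing CA" 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -days 365 -extfile ca.ext -out inter.crt 2>/dev/null

  # 3. Client certificate signed by the intermediate (what a card would present).
  openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr \
    -subj "/O=Example Test PKI/OU=Testing/CN=Jane Example/emailAddress=jane@example.test" 2>/dev/null
  openssl x509 -req -in client.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
    -days 365 -extfile client.ext -out client.crt 2>/dev/null

  # 4. The bundle Apache loads via SSLCACertificateFile: root and intermediate, concatenated.
  cat root.crt inter.crt > server-ca.crt
)

# Verify client.crt in directory $1 against CA file $2 with verify depth $3.
# Returns 0 when the chain is accepted, non-zero otherwise (openssl output is suppressed).
verify_client() {
  openssl verify -CAfile "$1/$2" -verify_depth "$3" "$1/client.crt" >/dev/null 2>&1
}

WORK="$(mktemp -d)"
make_toy_pki "$WORK"

if verify_client "$WORK" server-ca.crt 3; then
  echo "root + intermediate bundle, depth 3: client certificate accepted"
fi
if ! verify_client "$WORK" root.crt 3; then
  echo "root only (intermediate missing from the bundle): rejected"
fi
if ! verify_client "$WORK" server-ca.crt 0; then
  echo "depth 0 (self-signed client certificates only): rejected"
fi
```

The second and third checks are the ones that matter when a card is unexpectedly refused: a bundle that holds only the root, or a depth too small for root, intermediate and client certificate, both produce a rejected handshake even though the certificate itself is fine. openssl verify and mod_ssl both rely on OpenSSL's chain building, so the outcomes mirror what the server will do, but only a real TLS connection to the protected directory exercises the full path.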

To display the certificate data, you can read the SSL_CLIENT_* environment variables that mod_ssl exports when +StdEnvVars is set. The following is an example PHP page for your server. It should be placed inside the directory that requires client certificate authentication.

<?php
// Echo one mod_ssl variable HTML-escaped. The DN fields come from the client's
// certificate, so they must never be written into the page unescaped.
function field($name) {
    echo htmlspecialchars($_SERVER[$name] ?? '', ENT_QUOTES, 'UTF-8');
}

// Only show the table on an HTTPS connection where mod_ssl exported a client DN
// (the SSL_CLIENT_* variables are present only with SSLOptions +StdEnvVars).
if (!empty($_SERVER['HTTPS']) && !empty($_SERVER['SSL_CLIENT_S_DN'])) {
?>

<table border="0" cellspacing="1" style="border-collapse: collapse" bordercolor="#111111" cellpadding="1">
  <tr>
    <td class="TableRow1">Name:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_S_DN_CN'); ?></td>
  </tr>
  <tr>
    <td class="TableRow2">Email address:</td>
    <td class="TableRow2"><?php field('SSL_CLIENT_S_DN_Email'); ?></td>
  </tr>
  <tr>
    <td class="TableRow1">Company name:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_S_DN_O'); ?></td>
  </tr>
  <tr>
    <td class="TableRow2">Department:</td>
    <td class="TableRow2"><?php field('SSL_CLIENT_S_DN_OU'); ?></td>
  </tr>
  <tr>
    <td class="TableRow1">City:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_S_DN_L'); ?></td>
  </tr>
  <tr>
    <td class="TableRow2">State:</td>
    <td class="TableRow2"><?php field('SSL_CLIENT_S_DN_ST'); ?></td>
  </tr>
  <tr>
    <td class="TableRow1">Country:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_S_DN_C'); ?></td>
  </tr>
  <tr>
    <td class="TableRow2">Valid From:</td>
    <td class="TableRow2"><?php field('SSL_CLIENT_V_START'); ?></td>
  </tr>
  <tr>
    <td class="TableRow1">Valid To:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_V_END'); ?></td>
  </tr>
  <tr>
    <td class="TableRow2">Serial Number:</td>
    <td class="TableRow2"><?php field('SSL_CLIENT_M_SERIAL'); ?></td>
  </tr>
  <tr>
    <td class="TableRow1">Issued By:</td>
    <td class="TableRow1"><?php field('SSL_CLIENT_I_DN_CN'); ?></td>
  </tr>
</table>

<?php
}
?>
