Version 2 (modified by Florian Grandel <jerico.dev@…>, 16 years ago)

Using SSL Client Certificates to log into Trac

Set up your SSL PKI

I will not explain in detail how to set up SSL for Apache. There are a lot of good step-by-step guides out there that can help you with this:

I'll assume that you have the following by now:

  • a certificate for your Trac web server
  • client certificates for your users (already installed in their browsers)

How to configure mod_ssl

Here are the most important Apache directives.

Server configuration (httpd.conf):

<IfModule mod_ssl.c>
...
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /your/root/certificate.pem
...
</IfModule>

Virtual host configuration:

...
SSLEngine on

<Location /trac>
  ...
  SSLRequireSSL
  ...
</Location>

<Location "/login">
  # Rather than setting REMOTE_USER through basic authentication,
  # we'll set it directly to the client certificate's common name.
  SSLUserName SSL_CLIENT_S_DN_CN
</Location>
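
With SSLUserName SSL_CLIENT_S_DN_CN, Trac sees only the certificate's CN, so two certificates from the trusted CA that share a CN log in as the same Trac user. The following script is an added example, not part of the original page: it audits a list of issued subject DNs for shared, missing or multiple CNs. It assumes the DNs are in RFC 2253 string form (for example from openssl x509 -noout -subject -nameopt RFC2253); the function names and sample subjects are hypothetical.

```python
import re
from collections import defaultdict

def split_unescaped(s, sep):
    """Split s on sep, treating backslash-escaped characters as data."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), s)

def unescape(value):
    """Decode RFC 2253 escapes: '\\,' style and hex bytes such as '\\C3\\A9'."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"))
    return raw.decode("utf-8", "replace")

def common_names(dn):
    """Return every CN value found in an RFC 2253 subject DN string."""
    avas = [a for rdn in split_unescaped(dn, ",") for a in split_unescaped(rdn, "+")]
    pairs = [a.partition("=") for a in avas]
    return [unescape(v.strip()) for k, _, v in pairs if k.strip().upper() == "CN"]

def audit(subjects):
    """Return (CNs shared by several subjects, subjects without exactly one CN)."""
    by_cn, needs_review = defaultdict(set), []
    for dn in subjects:
        cns = common_names(dn)
        if len(cns) == 1:
            by_cn[cns[0]].add(dn)
        else:
            # Assumption of this example: zero or several CNs is flagged for review.
            needs_review.append(dn)
    return {cn: sorted(d) for cn, d in by_cn.items() if len(d) > 1}, needs_review

# Constructed sample subjects (not from the original page).
SAMPLE = [
    "CN=alice,OU=Dev,O=Example",
    "CN=alice,OU=Contractors,O=Example",
    "CN=Smith\\, Bob,OU=Dev,O=Example",
    "OU=Build,O=Example",
]

if __name__ == "__main__":
    shared, review = audit(SAMPLE)
    for cn, dns in shared.items():
        print("CN %r maps several certificates to one Trac user: %s" % (cn, dns))
    for dn in review:
        print("no single CN, review before issuing: %s" % dn)
```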