Edgewall Software

Changes between Initial Version and Version 1 of TracClientCertificates


Timestamp:
Sep 7, 2008, 6:40:27 AM (14 years ago)
Author:
Florian Grandel <jerico.dev@…>
Comment:

Added this page which should explain how to use SSL client certificates for authentication. SSL knowledge required!

  • TracClientCertificates

    v1 v1  
     1= Using SSL Client Certificates to log into Trac =
     2
     3== Set up your SSL PKI ==
     4I will not explain in detail how to set up SSL for Apache. There are a lot of good step-by-step guides out there that can help you in this:
     5* In my opinion the best guide is this one: http://www.securityfocus.com/infocus/1818
     6* The official apache mod_ssl documentation can be found here: http://httpd.apache.org/docs/2.2/ssl/
     7
     8I'll assume that you have the following by now:
     9* a certificate for your Trac web server
     10* client certificates for your users (already installed in their browsers)
     11
     12== How to configure mod_ssl ==
     13Here are the most important apache directives.
     14
     15Server configuration (httpd.conf):
     16<IfModule mod_ssl.c>
     17...
     18SSLVerifyClient require
     19SSLVerifyDepth 1
     20SSLCACertificateFile /your/root/certificate.pem
     21...
     22</IfModule>
     23
     24Virtual host configuration:
     25...
     26SSLEngine on
     27
     28<Location /trac>
     29  ...
     30  SSLRequireSSL
     31  ...
     32</Location>
     33
     34<Location "/login">
     35  # Rather than setting REMOTE_USER through basic authentication
     36  # we'll set it directly as the client's certificate's common name.
     37  SSLUserName SSL_CLIENT_S_DN_CN
     38</Location>
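
Review bot: the `<Location "/login">` block at lines 34-38 does not line up with the `<Location /trac>` block at lines 28-32. If Trac is served under /trac, its login URL is /trac/login and `SSLUserName SSL_CLIENT_S_DN_CN` would never apply to it, so either the path should read `<Location "/trac/login">` or the page should state which mount point it assumes. Because the certificate's common name becomes REMOTE_USER, the page should also say that the file named in `SSLCACertificateFile` must hold only the CA that issues user certificates and that this CA has to keep common names unique: any certificate it signs with a CN equal to a Trac username is accepted as that user. `SSLVerifyDepth 1` needs a sentence as well, since it only accepts client certificates signed directly by a CA in that file and a PKI with an intermediate CA will need a larger value. As a style point, the two configuration snippets (lines 16-22 and 25-38) are not wrapped in `{{{` and `}}}`, so the wiki will not render them as preformatted blocks.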