= Using SSL Client Certificates to log into Trac = == Set up your SSL PKI == I will not explain in detail how to set up SSL for Apache. There are a lot of good step-by-step guides out there that can help you in this: * In my opinion the best guide is this one: http://www.securityfocus.com/infocus/1818 * The official apache mod_ssl documentation can be found here: http://httpd.apache.org/docs/2.2/ssl/ I'll assume that you have the following by now: * a certificate for your Trac web server * client certificates for your users (already installed in their browsers) == How to configure mod_ssl == Here are the most important apache directives. Server configuration (httpd.conf): ... SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /your/root/certificate.pem ... Virtual host configuration: ... SSLEngine on ... SSLRequireSSL ... # Rather than setting REMOTE_USER through basic authentication # we'll set it directly as the client's certificate's common name. SSLUserName SSL_CLIENT_S_DN_CN