I'm stuck. I am trying to use certificate authentication to restrict access
to a directory. I'm using my own certificate authority that I created using
the commands below.
I'm running Apache2 on Debian linux.
*** CA KEYS
create CA private key
openssl genpkey -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096
create CA self signed certificate
openssl req -new -x509 -key ca.key -out ca.crt
sign client CSR
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key
-CAcreateserial -out client.crt
*** CLIENT KEYS
generate client private key
openssl genpkey -algorithm RSA -out private_key.key -pkeyopt
rsa_keygen_bits:4096
generate certificate signing request (CSR)
openssl req -new -key private_key.key -out client.csr
generate pkcs12 client certificate
openssl pkcs12 -export -out certificate.p12 -inkey private_key.key -in
client.crt
*** Apache2 config
(This is inside a virtual host block)
# This is the CA.crt file I generated above
SSLCACertificateFile /etc/apache2/ssl-client/ca.crt
<Directory /var/www/html/secure>
SSLRequireSSL
# SSLVerifyClient require
SSLVerifyClient optional_no_ca
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
# SSLRequire %{SSL_CLIENT_S_DN_CN} == ""
</Directory>
I imported the pkcs12 client certificate I generated above into my Firefox
browser.
When I access:
https://example.com/secure
I get this error:
Forbidden
You don't have permission to access this resource.Reason: Cannot perform
Post-Handshake Authentication.
I'm not sure where to go from here. I don't know how to get past this error
message.
