httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johannes Müller <>
Subject Client authentication and authorization using client certificates
Date Tue, 16 Jun 2009 16:36:59 GMT

there has been an increasing number of requests concerning a certificate
based authentication / authorization for the Apache httpd in the past few
As you might remember, I started a discussion around that topic in July 
Because of the somewhat missing interest on the mailing list at that time I
haven't persued this issue any longer.
This has changed lately. Therefore I decided to spend some hours on 
finishing a
new authentication module called mod_auth_certificate

Please feel free to download it at*

*You will also find some kind of short documentation in the archive.

- Works with Apache 2.0 / 2.2 / 2.3-trunk
- Apache sources won't have to be patched
- Supports fallback to basic authentication in case of cert auth failure
- Should work with all authorization modules coming with Apache (though I
  wasn't able to check all of them).
- Easy to install without recompiling Apache
- Extremely easy to configure

My intention in this announcement is to arouse increased interest in 
that topic by
providing something usable to the list. I still believe that better 
native support for
client certificate based authentication and authorization will in future 
improved chances to the Apache webserver. I can think of smartcards 
being an
increasingly used SSO alternative to NTLM especially in heterogeneous

I would appreciate it if you could take a look at the module and leave your
comments here.

Please note that this program is open source software and was released 
under the
Also my employer has nothing to do with the release of this work. It has 
my private pleasure now :-)

Thanks and Greetings,
Johannes Müller

View raw message