httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <>
Subject Re: [users@httpd] Requiring specific SSL certs for HTTP Auth logins
Date Wed, 15 Sep 2004 16:15:55 GMT
On Wed, Sep 15, 2004 at 11:54:36AM -0400, Scott Gifford wrote:
> I'm using HTTP client certificate authentication in conjunction with
> HTTP Auth (well, a mod_perl extension which emulates HTTP Auth using
> cookies).  I'd like to require that the Common Name field of the
> certificate match the HTTP username of the user logging in.  Is there
> a way to do this?
> I see how to have the certificate override the username and then
> provide per-certificate passwords, but the usernames are passed to an
> underlying authentication system, so that won't really work.

If you used real HTTP auth you could just do something like


but using cookies it's more tricky.  An SSLRequire matching with a regex
match against the appropriate cookie header might work, otherwise
something more complicated using mod_rewrite (which can access SSL
variables directly in 2.0.51, using the %{SSL:SSL_CLIENT_S_DN_CN}


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message