cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 7 Projects Releases 2 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
bug-1537
add-quality-check-script
bug-1562
bug-1561
bug-1560
bug-1559
main
fix/bug-1550
v2023.09.16
v2024.05.20
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f76ef5996'
${ noResults }
cacert-webdb/pages/help/9.php

64 lines
2.9 KiB
PHP
Raw Blame History

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.CAcert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
function dotab($num)
{
for($i = 0; $i < $num; $i++)
{
for($j = 0; $j < 8; $j++)
$string .= "&nbsp;";
}
return($string);
}
?>
<h3><?=_("How can I do a single sign on similar to CAcert using client certificates?")?></h3>
<p><?=_("Firstly you need mod-ssl and apache setup (this is beyond the scope of this FAQ item and you will need to search on google etc for LAMP setup information). I recommend mod-ssl over apache-ssl because it means you need less resources to achieve the same result.")?></p>
<p><?=_("Once you have everything setup and working you will need to add lines similar to below to your apache.conf")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
&lt;VirtualHost 127.0.0.1:443&gt;<br>
SSLEngine on<br>
SSLVerifyClient require<br>
SSLVerifyDepth 2<br>
SSLCACertificateFile /etc/ssl/cacert.crt<br>
SSLCertificateFile /etc/ssl/certs/cacert.crt<br>
SSLCertificateKeyFile /etc/ssl/private/cacert.pem<br>
SSLOptions +StdEnvVars<br>
<br>
ServerName secure.cacert.org<br>
DocumentRoot /www<br>
&lt;/VirtualHost&gt;<br><br>
</p>
<p><?=_("Please note, you will need to alter the paths, hostname and IP of the above example, which is just that an example! The SSLCACertificateFile directive is supposed to point to a file with the root certificate you wish to verify your client certificates against, for the CAcert website we obviously only accept certificates issued by our own website and use our root certificate to initially verify this.")?></p>
<p><?=_("Once you have everything working and you've tested sending a client certificate to your site and you're happy all is well you can start adding code to PHP (or any other language you like that can pull server environment information). At present I only have PHP code available and the example is in PHP")?></p>
<p style="border:dotted 1px #900;padding:0.3em;background-color:#ffe;"><br>
<?=dotab(1)?>if($_SERVER['HTTP_HOST'] == "secure.cacert.org")<br>
<?=dotab(1)?>{<br>
<?=dotab(2)?>$query = "select * from `users` where `email`='$_SERVER[SSL_CLIENT_S_DN_Email]'";<br>
<?=dotab(2)?>$res = mysql_query($query);<br>
<?=dotab(2)?>if(mysql_num_rows($res) > 0)<br>
<?=dotab(2)?>{<br>
<?=dotab(3)?>$_SESSION['profile']['loggedin'] = 1;<br>
<?=dotab(3)?>header("location: https://secure.cacert.org/account.php");<br>
<?=dotab(3)?>exit;<br>
<?=dotab(2)?>}<br>
<?=dotab(1)?>}<br><br>
</p>
View Git Blame Copy Permalink