I’m trying to configure my Apache server to require the client to provide an SSL certificate in order to gain access to the site. I have the setup working with self-signed certificates, but since I switched over to LE, I’m having a hard time. Could someone please help me out with this? My Apache config looks as follows:
```apache
# working configuration with self-signed certs
SSLCertificateFile /etc/ssl/ca/certs/privateTools.crt
SSLCertificateKeyFile /etc/ssl/ca/private/privateTools.key
SSLCertificateChainFile /etc/ssl/ca/certs/privateToolsCA.crt
SSLCACertificateFile /etc/ssl/ca/certs/privateToolsCA.crt

# Not working with LE certs
SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.dimaj.net/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/gitlab.dimaj.net/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/gitlab.dimaj.net/chain.pem
#SSLCACertificateFile /etc/letsencrypt/live/gitlab.dimaj.net/chain.pem

# validate SSL Certificate
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLProxyEngine off

<Directory /srv/websites/phpldapadmin>
    SSLRequireSSL
    SSLOptions +StrictRequire
    Satisfy any
    SSLVerifyClient require
</Directory>
```
I guess I have 2 questions here…
- What do I specify for the SSLCACertificateFile?
- How do I get a client certificate and how do I sign it?
Thank you very much for the help!