Configuring for Digi-Access™

Configuring Apache 1.3 for Digi-Access™ Client Certificate Authentication

To configure Apache, do:

- Open for editing the httpd.conf Apache configuration file
- Locate the Virtual Host section for your SSL secured site
- You will need to decide whether you wish to secure the entire site or just a particular directory. Both options will use the same Apache configuration directives, however if you wish to implement per directory authentication, you will need to add all of the necessary directives below into the specified directory options section, i.e. within the following directory directives:

- Add the following directive line into your site/directory configuration section:

SSLOptions +StdEnvVars +ExportCertData

This directive can be used to control various run-time options on a per-site and per-directory basis. Normally, if multiple SSLOptions could apply to a directory, then the most specific one is taken completely; the options are not merged. However, if all the options on the SSLOptions directive are preceded by a plus (+) or minus (-) symbol, the options are merged. Any options preceded by a (+) are added to the options currently in force, and any options preceded by a (-) are removed from the options currently in force.
When the option StdEnvVars is enabled, the standard set of SSL-related CGI/SSI environment variables is created. This is disabled by default for performance reasons, because the information extraction step is a rather expensive operation. Enable this option for CGI and SSI requests only.

When the option ExportCertData is enabled, additional CGI/SSI environment variables are created: SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,...). These contain the PEM-encoded X.509 certificates of the server and client for the current HTTPS connection and can be used by CGI scripts for deeper certificate checking. Additionally, all other certificates of the client certificate chain are provided, too. This bloats up the environment a little, which is why it is only enabled on demand via this option.
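As an added example (not part of the Digi-Access or Apache documentation), the following CGI-side check shows what "deeper certificate checking" can look like with both options enabled: it requires mod_ssl's own verification result (SSL_CLIENT_VERIFY, a StdEnvVars variable) to be SUCCESS, rebuilds the client chain from SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn in numeric order, and pins the leaf certificate's SHA-256 fingerprint to an allow-list. The PEM blobs in SAMPLE_ENV are constructed placeholders, not real certificates, and the allow-list is hypothetical.

```python
import base64
import hashlib
import re
import ssl

_CHAIN_RE = re.compile(r"^SSL_CLIENT_CERT_CHAIN(\d+)$")

def client_chain(environ):
    """[leaf, issuer0, issuer1, ...] as PEM strings, or [] without a client cert.
    Chain variables are ordered by their numeric n so CHAIN10 never precedes CHAIN2."""
    leaf = environ.get("SSL_CLIENT_CERT", "")
    if not leaf:
        return []
    numbered = []
    for key, value in environ.items():
        m = _CHAIN_RE.match(key)
        if m and value:
            numbered.append((int(m.group(1)), value))
    return [leaf] + [pem for _, pem in sorted(numbered)]

def sha256_fingerprint(pem):
    """Lowercase hex SHA-256 over the DER bytes, the form openssl prints."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def authorize(environ, allowed_fingerprints):
    """(allowed, reason). SSL_CLIENT_VERIFY comes from StdEnvVars, the PEM
    variables from ExportCertData, so the check needs both options enabled."""
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return False, "client certificate not verified by mod_ssl"
    chain = client_chain(environ)
    if not chain:
        return False, "no client certificate exported"
    fp = sha256_fingerprint(chain[0])
    if fp not in allowed_fingerprints:
        return False, "leaf fingerprint %s... not on allow-list" % fp[:16]
    return True, "ok: %s (chain depth %d)" % (environ.get("SSL_CLIENT_S_DN", "?"), len(chain))

def fake_pem(body):
    # Constructed placeholder with PEM framing only; NOT a real X.509 certificate.
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(body).decode()

SAMPLE_ENV = {  # constructed stand-in for os.environ inside a CGI request
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/CN=constructed client",
    "SSL_CLIENT_CERT": fake_pem(b"constructed leaf"),
    "SSL_CLIENT_CERT_CHAIN0": fake_pem(b"constructed intermediate 0"),
    "SSL_CLIENT_CERT_CHAIN1": fake_pem(b"constructed intermediate 1"),
}
ALLOWED = {sha256_fingerprint(SAMPLE_ENV["SSL_CLIENT_CERT"])}  # hypothetical allow-list
```

In a real CGI script, pass os.environ in place of SAMPLE_ENV and load the allow-list from a file the web server user can read but not write.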