Authenticate through Client Certificate

This post documents how to set up client-certificate authentication for access to a private web page.

The involved components are as follows:

  • Web server: Apache 2.4
  • Browser: Firefox 98

Steps:

  1. Generate CA certificate: see the previous post
  2. Configure web server to require client certificates signed by the CA
    • Add SSLVerifyClient require to the protected Location
    • Add SSLCACertificateFile to point to the CA certificate
  3. Generate a personal certificate: also described in the previous post
  4. Sign the personal certificate with CA certificate: ditto
  5. Import personal certificate into browser
    Settings → Privacy & Security → Certificates → View Certificates… → Your Certificates → Import…
  6. Configure browser to enable post-handshake authentication (only needed if you get the “…Cannot perform Post-Handshake Authentication” error; this usually happens when only a sub-path is secured instead of the entire server)
    For Firefox (98)
    1. Go to the URL about:config
    2. Find and enable security.tls.enable_post_handshake_auth
  7. All set! Go ahead and test it out…
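
The server side of step 2, as an added example (not the author's own configuration): the hostname, the file paths and the /private location are placeholders. Because the requirement sits in a Location rather than on the whole virtual host, Apache requests the certificate after the initial handshake, which is the situation step 6 covers.

```apache
# Added example. ServerName, all file paths and "/private" are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Step 2, second bullet: the CA that client certificates must be signed by.
    # Any certificate this CA has signed will be accepted, so keep the CA
    # dedicated to this purpose.
    SSLCACertificateFile  /etc/ssl/example/ca.crt

    # Rest of the site: no client certificate is requested.
    SSLVerifyClient none

    <Location "/private">
        # Step 2, first bullet: a valid client certificate is mandatory here.
        # Set per Location, this makes the server ask for the certificate
        # after the handshake (renegotiation on TLS 1.2, post-handshake
        # authentication on TLS 1.3).
        SSLVerifyClient require

        # Accept only certificates signed directly by the CA above
        # (no intermediate CAs in the chain).
        SSLVerifyDepth 1
    </Location>

    # Alternative: to protect the entire server, drop the Location block and
    # put "SSLVerifyClient require" at this level instead. The certificate is
    # then requested during the initial handshake.
</VirtualHost>
```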
