Client Certificate Details Missing from PHP $_SERVER Variable

1.3k views Asked by At

We are using client certificates to authenticate users for a back end website.

While we use SSLVerifyClient require in our Apache config file, we also check details in the certificate to verify the user. I have recently moved from a server running an old version of Apache to a server running Apache 2.4.7

On the previous server the PHP $_SERVER variable had the keys SSL_CLIENT_S_DN_CN and SSL_CLIENT_S_DN_Email populated with these details from the client cert. On the new server these are missing. I have enabled the SSL Option +ExportCertData

Apache config is as before, I am posting and edited version below.

<VirtualHost 192.0.0.1:443>

DocumentRoot /dir
ServerName   192.0.0.1


SSLEngine on

<IfModule mod_php4.c>
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .html
</IfModule>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .html
</IfModule>
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ScriptAlias /cgi-bin   "/dir/cgi-bin"

<DIRECTORY /dir>
OPTIONS  Indexes ExecCGI FollowSymLinks
SSLOptions +StdEnvVars
AllowOverride All
</DIRECTORY>

#below all self-signed
SSLCertificateFile /ssl/cert.pem
SSLCertificateKeyFile /ssl/key.pem
SSLCACertificateFile /ssl/cacert.pem

SSLVerifyClient require
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars

SSLVerifyDepth 1
IndexOptions FancyIndexing
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

</VirtualHost>

I wonder if anyone can she any light on how to populate these variables into PHP. Is there a config option somewhere in Apache or PHP that I am missing?

EDIT - yes /dir is the directory we are running it in (changed above from actual directory). Not sure why I have +StdEnvVars a second time within the DIRECTORY tags to be honest :)

0

There are 0 answers