We are using client certificates to authenticate users for a back end website.
While we use SSLVerifyClient require in our Apache config file, we also check details in the certificate to verify the user. I have recently moved from a server running an old version of Apache to a server running Apache 2.4.7
On the previous server the PHP $_SERVER variable had the keys SSL_CLIENT_S_DN_CN and SSL_CLIENT_S_DN_Email populated with these details from the client cert. On the new server these are missing. I have enabled the SSL Option +ExportCertData
Apache config is as before, I am posting and edited version below.
<VirtualHost 192.0.0.1:443>
DocumentRoot /dir
ServerName 192.0.0.1
SSLEngine on
<IfModule mod_php4.c>
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .html
</IfModule>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .html
</IfModule>
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ScriptAlias /cgi-bin "/dir/cgi-bin"
<DIRECTORY /dir>
OPTIONS Indexes ExecCGI FollowSymLinks
SSLOptions +StdEnvVars
AllowOverride All
</DIRECTORY>
#below all self-signed
SSLCertificateFile /ssl/cert.pem
SSLCertificateKeyFile /ssl/key.pem
SSLCACertificateFile /ssl/cacert.pem
SSLVerifyClient require
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
SSLVerifyDepth 1
IndexOptions FancyIndexing
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
I wonder if anyone can she any light on how to populate these variables into PHP. Is there a config option somewhere in Apache or PHP that I am missing?
EDIT - yes /dir is the directory we are running it in (changed above from actual directory). Not sure why I have +StdEnvVars a second time within the DIRECTORY tags to be honest :)