Hello, is there a way to restrict access to a website, running Apache via cPanel, using SSL (like CTLs on IIS/Windows)?
I.E, the user has to have an ssl certificate installed/issued to be able to access the site.
+4
A:
This is certainly possible, through the SSLRequire directive. The most trivial setup is to formulate %{SSL_CLIENT_VERIFY} eq "SUCCESS". This also requires settting SSLVerifyClient and SSLCACertificatePath, as well as to install the trusted CA certificates.
Martin v. Löwis
2009-08-17 14:16:26
I understand that all that does is ensure that content is delivered over HTTPS protocol? I need something that restricts unless a certificate is provided by end user.
Shamil
2009-08-17 14:21:36
No, you misunderstand. If you test for SSL_CLIENT_VERIFY, then HTTPS connections will be rejected if the user does not use the certificate provided to him, or does use a certificate whose CA is not in your list of trusted CAs. If you want to further restrict this (e.g. to specific such users), you can also do that in SSLRequire. Don't confuse the option with SSLRequireSSL.
Martin v. Löwis
2009-08-17 14:29:41
Ah right thank you very much :)
Shamil
2009-08-17 14:32:18