Single SignOn using OpenSSL on Apache Server

Question

Hi,

I am new to the OpenSSL world and trying to implement SSO on my PHP based application. I have already set up the OpenSSL Library and PHP openssl extension.

Now, what I need to know is, what steps I need to take and where I can find reference of that. My requirement are

1- User will be provided a certificate, and browser will submit that certificate for client authentication using SSL. 2- User will not need to go through the long authentication process of login rather the certificate will handshake with the server. 3- Certificate will be self signed or my company will be the CA for every certificate.

Please guide me how to setup all these thing on PHP based application with all the steps to follow.

Answer 1

have u see this link Apache PHP and OpenSSL installation tutorial :

http://lingua.mtsu.edu/computing/map/map-1.2.html

Answer 2

It's easy. Configure your client side certificate, configure your webserver to validate client certificates then point your browser at:

<?php phpinfo(); ?>

...and you'll see where to retrieve the details and how they are formatted/referenced.

(the PHP openSSL extension is irrelevant for authentication - the details are all passed by CGI from mod_ssl)

C.

Answer 3

Friends, I got the complete answer at http://www.experts-exchange.com/Security/Encryption/Q_25076701.html

Now I want to confirm that can we use single client certificate and populate the commonName and email fields from credential store on the computer at run-time? My application will all be on same domain so I want their domain login to be used for my application.

Regards,