
By default, only the http/1.1 protocol is allowed (which includes compatibility with 1.0 and 0.9 clients). The protocols must be configured if you want to extend the protocols available for a server/host. The list determines the protocols that a client can negotiate for this server/host. The APACHE_HTTP_PROTOCOLS variable specifies the list of supported protocols for the virtual server/host. If the value of the Apache SSLVerifyClient directive is optional or optional_no_ca and a validation error occurs, the page defined by the CLIENT_VERIFY_LANDING_PAGE variable is displayed.
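As an added illustration (not the project's own configuration), the virtual host below shows one way the environment variables named on this page can map onto Apache directives, including the landing page shown when client verification does not succeed. The certificate directories, the `ca-bundle.cer` file name and the use of mod_rewrite for the landing page are assumptions.

```apache
# Added example, not the project's vhost. Assumes mod_ssl and mod_rewrite
# are loaded. ${...} values are the container environment variables named
# on this page; paths and ca-bundle.cer are placeholders (assumptions).
<VirtualHost *:${APACHE_SSL_PORT}>
    ServerName  ${APACHE_SERVER_NAME}
    ServerAdmin ${APACHE_SERVER_ADMIN}

    # Only the protocols listed here can be negotiated for this host.
    Protocols ${APACHE_HTTP_PROTOCOLS}

    # General log level, plus a separate level for the SSL module.
    LogLevel ${APACHE_LOG_LEVEL} ssl:${APACHE_SSL_LOG_LEVEL}

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/${APACHE_SSL_CERTS}
    SSLCertificateKeyFile /etc/ssl/private/${APACHE_SSL_PRIVATE}

    # CA certificates that client certificates are validated against.
    SSLCACertificateFile  /etc/ssl/certs/ca-bundle.cer
    SSLVerifyDepth 2

    # One of: none | optional | require | optional_no_ca
    SSLVerifyClient ${APACHE_SSL_VERIFY_CLIENT}

    # Export the SSL_CLIENT_* variables to scripts such as the landing page.
    SSLOptions +StdEnvVars

    # With optional or optional_no_ca the handshake can complete without a
    # validated client certificate. SSL_CLIENT_VERIFY is then NONE (no
    # certificate sent) or GENEROUS (optional_no_ca accepted a certificate
    # without validating it). Only SUCCESS means the chain was validated.
    RewriteEngine On
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
    # Do not redirect the landing page itself, to avoid a redirect loop.
    RewriteCond %{REQUEST_URI} !=${CLIENT_VERIFY_LANDING_PAGE}
    RewriteRule ^ ${CLIENT_VERIFY_LANDING_PAGE} [R=302,L]
</VirtualHost>
```

With optional_no_ca Apache accepts a client certificate it has not validated, so anything behind this host should grant access only when SSL_CLIENT_VERIFY is SUCCESS, never merely because a certificate is present.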
Making the verification optional allows more flexible handling of the error when validation of the client certificate fails. The variable APACHE_SSL_VERIFY_CLIENT controls the configuration of the client-side certificate verification process. For more information you can consult the documentation on the LogLevel directive. The APACHE_LOG_LEVEL and APACHE_SSL_LOG_LEVEL variables allow you to modify the general log level and the specific one for the SSL module. The APPLICATION_URL variable defines the redirect path if the site is accessed via HTTP and not HTTPS. The CN (Common Name) of this specific certificate is set to issued by Antonio Musarra's Blog Certification Authority.

By default the HTTPS port is set to 10443 by the variable APACHE_SSL_PORT. The server certificate used in this project was issued by a private Certification Authority created ad hoc and obviously not recognized. The name of the file containing the private key (in PEM format) of the public certificate.

The name of the file that contains the public certificate of the server in PEM (Privacy-Enhanced Mail) format. The following variables and in particular APACHE_SSL_CERTS and APACHE_SSL_PRIVATE set: The first group of four variables is very clear and I don't think they need further explanation.

# Apache ENVs
ENV APACHE_SERVER_NAME
ENV APACHE_SERVER_ADMIN
ENV APACHE_SSL_CERTS .cer
ENV APACHE_SSL_PRIVATE .key
ENV APPLICATION_URL
ENV CLIENT_VERIFY_LANDING_PAGE /error.php

The values of these environment variables can be changed to suit your needs.

FROM ubuntu:18.04

Below is the section on environment variables that are purely specific to Apache HTTP. The first line of the file (as anticipated above) makes the container start from the image ubuntu:18.04.

To create an image we need to build the Dockerfile, which, through a series of directives, allows us to create an image as needed. Let's try to understand which are the most significant sections of the Dockerfile.

Mutual authentication based on the SSL/TLS protocol refers to two parties that authenticate each other by verifying the digital certificate each provides, so that both participants are sure of each other's identity. Briefly, the process of authenticating and creating an encrypted channel using certificate-based mutual authentication involves the following steps:

1. A client requests access to a protected resource
2. The server presents its certificate to the client
3. The client verifies the server certificate
4. If successful, the client sends its certificate to the server
5. The server verifies the client's credentials
6. If successful, the server grants access to the protected resource requested by the client.

Figure 1 shows what happens during the mutual authentication process.

Figure 1 - What happens during the mutual authentication process

It is a Docker project that starts from the basic Ubuntu image (version 18.04), specialized to meet the minimum requirements for an SSL/TLS Mutual Authentication system. The installation of PHP and the Apache module is completely optional. The two modules were installed exclusively to build the user's landing page after the authentication phase. This page shows a series of basic information extracted from the digital certificate used for authentication.

In this video, you can see the project in action.

The latest version of the project (1.2.2) was installed on Google Cloud and is available online at.
The source code of the project is available in my GitHub repository Apache HTTP 2.4 - Docker image for SSL/TLS Mutual Authentication.
Many times I have to write clients that need to interact with services (HTTP, SOAP, REST, etc.) that are protected by an SSL/TLS Mutual Authentication mechanism. For this reason, I decided to create a project whose purpose is to provide a ready-to-use template and which realizes a mutual authentication or bilateral SSL/TLS authentication system based on Apache HTTP. In this way, I have the possibility to test the client, in particular, the process of mutual authentication. In this article, I will describe the project and how to use it.
