Client certificate


  • Keiichi
  • Registered: June 2005
  • Last online: 01-12 19:36
On my web server I have used a self-made CA to create a server certificate and a few client certificates.

These are now installed and working (SSLVerifyClient require and SSLVerifyDepth 1 in a directory). Browsers without the client certificate cannot get into that directory either.

But I would also like to retrieve some information from the client certificate that is being used. With what, and how, can I do this? (The scripting languages available are at least Perl and PHP, but I haven't been able to find much useful for those.)

Solar @ Dongen: http://solar.searchy.net/ - Penpal International: http://ppi.searchy.net/


  • Keiichi
  • Registered: June 2005
  • Last online: 01-12 19:36
A bump, then.

I still haven't figured it out myself :{

Solar @ Dongen: http://solar.searchy.net/ - Penpal International: http://ppi.searchy.net/


  • Atari Paul
  • Registered: November 2002
  • Online now
Hmm, the only option that comes to mind for me is to parse the Apache logs.
There you can at least filter out the right requests (by the way, I don't know whether you have already tested with the reserved variables in PHP; I can imagine that 'AUTH_TYPE' returns some useful information).

OK, I just did some testing with PHP and a client certificate; this is the info that PHP returns, in any case, after a print_r($_SERVER); (with sensitive info starred out).

code:
Array
(
    [UNIQUE_ID] => yJ4engqWAeYAABnoscAAAAAA
    [HTTPS] => on
    [SSL_VERSION_INTERFACE] => mod_ssl/2.0.46
    [SSL_VERSION_LIBRARY] => OpenSSL/0.9.7a
    [SSL_PROTOCOL] => TLSv1
    [SSL_CIPHER] => DHE-RSA-AES256-SHA
    [SSL_CIPHER_EXPORT] => false
    [SSL_CIPHER_USEKEYSIZE] => 256
    [SSL_CIPHER_ALGKEYSIZE] => 256
    [SSL_CLIENT_VERIFY] => SUCCESS
    [SSL_CLIENT_M_VERSION] => 3
    [SSL_CLIENT_M_SERIAL] => 01F8
    [SSL_CLIENT_V_START] => Nov 15 09:58:02 2006 GMT
    [SSL_CLIENT_V_END] => Jul 24 09:58:02 2020 GMT
    [SSL_CLIENT_V_REMAIN] => 4988
    [SSL_CLIENT_S_DN] => /C=NL/ST=Unknown/O=***********/CN=001717
    [SSL_CLIENT_S_DN_C] => NL
    [SSL_CLIENT_S_DN_ST] => Unknown
    [SSL_CLIENT_S_DN_O] => ***********
    [SSL_CLIENT_S_DN_CN] => 001717
    [SSL_CLIENT_I_DN] => /C=NL/ST=***********/L=***********/O=***********/CN=***********/emailAddress=***********
    [SSL_CLIENT_I_DN_C] => NL
    [SSL_CLIENT_I_DN_ST] => ***********
    [SSL_CLIENT_I_DN_L] => ***********
    [SSL_CLIENT_I_DN_O] => ***********
    [SSL_CLIENT_I_DN_CN] => ***********
    [SSL_CLIENT_I_DN_Email] => ***********
    [SSL_CLIENT_A_KEY] => rsaEncryption
    [SSL_CLIENT_A_SIG] => md5WithRSAEncryption
    [SSL_SERVER_M_VERSION] => 3
    [SSL_SERVER_M_SERIAL] => 00
    [SSL_SERVER_V_START] => May 15 11:44:08 2003 GMT
    [SSL_SERVER_V_END] => Jul 17 05:15:52 2031 GMT
    [SSL_SERVER_S_DN] => /C=NL/ST=***********/L=***********/O=***********/CN=***********/emailAddress=***********
    [SSL_SERVER_S_DN_C] => NL
    [SSL_SERVER_S_DN_ST] => ***********
    [SSL_SERVER_S_DN_L] => ***********
    [SSL_SERVER_S_DN_O] => ***********
    [SSL_SERVER_S_DN_CN] => ***********
    [SSL_SERVER_S_DN_Email] => ***********
    [SSL_SERVER_I_DN] => /C=NL/ST=***********/L=***********/O=***********/CN=***********Address=***********
    [SSL_SERVER_I_DN_C] => NL
    [SSL_SERVER_I_DN_ST] => ***********
    [SSL_SERVER_I_DN_L] => ***********
    [SSL_SERVER_I_DN_O] => ***********
    [SSL_SERVER_I_DN_CN] => ***********
    [SSL_SERVER_I_DN_Email] => ***********
    [SSL_SERVER_A_KEY] => rsaEncryption
    [SSL_SERVER_A_SIG] => md5WithRSAEncryption
    [SSL_SESSION_ID] => 0DB243676EF5B2D50D89261687E7A4051A529746676BDC6E60F3A7150F58C768
    [HTTP_HOST] => ***********
    [HTTP_USER_AGENT] => Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
    [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_ACCEPT_ENCODING] => gzip,deflate
    [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
    [HTTP_KEEP_ALIVE] => 300
    [HTTP_CONNECTION] => keep-alive
    [HTTP_COOKIE] => __utmz=113113613.1164017034.1.1.utmccn=(organic)|utmcsr=google|utmctr=ul+li+internet+explorer+hover|utmcmd=organic; __utma=113113613.1877936448.1164017034.1164017034.1164017034.1; PHPSESSID=6746d426fdadd29c71d04c809bc4af40
    [HTTP_CACHE_CONTROL] => max-age=0
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
    [SERVER_SIGNATURE] => 
Apache/2.0.46 (Red Hat) Server at *********** Port 443


    [SERVER_SOFTWARE] => Apache/2.0.46 (Red Hat)
    [SERVER_NAME] => ***********
    [SERVER_ADDR] => ***********
    [SERVER_PORT] => 443
    [REMOTE_ADDR] => ***********
    [DOCUMENT_ROOT] => /var/www/html
    [SERVER_ADMIN] => ***********
    [SCRIPT_FILENAME] => ***********
    [REMOTE_PORT] => 44199
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [REQUEST_URI] => ***********
    [SCRIPT_NAME] => ***********
    [PHP_SELF] => ***********
    [PATH_TRANSLATED] => ***********
    [argv] => Array
        (
        )

    [argc] => 0
)

[ 86% edited by Atari Paul on 28-11-2006 09:57 ]

Stability ?? My Atari still has it :)
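
The SSL_CLIENT_* variables from the dump above, read in a PHP script and turned into an identity the application can use; this is an added example, not code from the thread. It assumes PHP 7.1 or later and that mod_ssl exports these variables to PHP (SSLOptions +StdEnvVars); client_cert_identity() is a hypothetical helper name and the DN values in the sample are constructed.

```php
<?php
// Added example: derive an identity from mod_ssl's client-certificate variables.
// client_cert_identity() is a hypothetical helper name, not an Apache or PHP API.
function client_cert_identity(array $server): ?array
{
    // Trust the SSL_CLIENT_* fields only when mod_ssl verified the certificate.
    if (($server['HTTPS'] ?? '') !== 'on'
        || ($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $serial = strtoupper($server['SSL_CLIENT_M_SERIAL'] ?? '');
    $issuer = $server['SSL_CLIENT_I_DN'] ?? '';
    if ($serial === '' || $issuer === '') {
        return null;
    }
    return [
        // Issuer DN plus serial is unique per CA; a CN alone can be reused.
        'key'        => hash('sha256', $issuer . '|' . $serial),
        'serial'     => $serial,
        'subject_dn' => $server['SSL_CLIENT_S_DN'] ?? '',
        'cn'         => $server['SSL_CLIENT_S_DN_CN'] ?? '',
        'not_after'  => $server['SSL_CLIENT_V_END'] ?? '',
        'days_left'  => (int) ($server['SSL_CLIENT_V_REMAIN'] ?? 0),
        // Flag certificates signed with MD5 or SHA-1 so they can be reissued.
        'weak_sig'   => preg_match('/^(md5|sha1)With/i', $server['SSL_CLIENT_A_SIG'] ?? '') === 1,
    ];
}

// Constructed sample mirroring the print_r() output; the DN values are made up.
$sample = [
    'HTTPS'               => 'on',
    'SSL_CLIENT_VERIFY'   => 'SUCCESS',
    'SSL_CLIENT_M_SERIAL' => '01F8',
    'SSL_CLIENT_V_END'    => 'Jul 24 09:58:02 2020 GMT',
    'SSL_CLIENT_V_REMAIN' => '4988',
    'SSL_CLIENT_S_DN'     => '/C=NL/ST=Unknown/O=Example Org/CN=001717',
    'SSL_CLIENT_S_DN_CN'  => '001717',
    'SSL_CLIENT_I_DN'     => '/C=NL/O=Example Org/CN=Example CA',
    'SSL_CLIENT_A_SIG'    => 'md5WithRSAEncryption',
];

// On the command line use the sample; under Apache use the real request.
$id = client_cert_identity(PHP_SAPI === 'cli' ? $sample : $_SERVER);
if ($id === null) {
    http_response_code(403);
    exit("No verified client certificate\n");
}
header('Content-Type: application/json');
echo json_encode($id, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

With the sample input, weak_sig comes out true because the certificate in the dump is signed with md5WithRSAEncryption.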