1 <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
4 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
5 <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]">
6 <title>Test Page for Mandrake Linux's Apache Installation</title>
7 <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
9 <body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000">
11 <center><a href="http://www.thawte.com/">
12 <img SRC="http://www.thawte.com/certs/logos/thawte1.gif" BORDER=0></a>
15 <TITLE>About the Strong Extranet</TITLE>
17 <H1> About the Strong Extranet</H1>
19 The Strong Extranet allows you to use digital certificates to authenticate
20 users on your web server. Typically, your users enroll in your Strong
21 Extranet, under your control, through the Thawte Personal Cert System.
23 BENEFITS OF THE STRONG EXTRANET
25 1. SXNet certificates contain usernames. You can allocate these usernames
26 to users as required, and your server will extract the username from the
27 certificate when a user accesses your server. Your CGI scripts can
28 obtain the username in the same way they do so with password
29 authentication, through the REMOTE_USER environment variable.
31 2. Low cost of CA. Thawte provides a full-server CA infrastructure for
32 your Strong Extranet users for $1000 per year for up to 10 000 users.
33 That's the lowest cost CA program, period.
35 3. Full control and security. Users are enrolled in your Strong Extranet
36 under your full control. There are several enrollment methods with
37 different levels of security. Choose the one which suits your business
38 processes and requirements.
42 <A HREF="http://www.thawte.com/certs/strongextranet/">
43 http://www.thawte.com/certs/strongextranet/</A>
48 The module adds the following directives:
50 AuthType StrongExtranet
51 SXNetZone a number (the zone number)
52 SXNetGroupFile /path/to/groups/file
53 SXNetB64EncodeID on/off
55 "AuthType StrongExtranet" tells the server to use Strong Extranet
56 Authentication in that directory. It's the equivalent of
57 "AuthType Basic" or "AuthType Digest". Note that you need to
58 have turned ON client certificate requesting, and set the CA
59 details, as part of normal SSL configuration.
61 The SXNetZone is a single integer. It defines the zone in which
62 the client has to have an ID in order to gain access to the directory.
63 The Thawte ACME Test Zone is 2, so use that for demos.
65 The SXNetGroupFile is a file that can be used to put users in groups,
66 just like the standard Basic authentication mechanism.
68 SXNetB64EncodeID allows you to have the ID base64 encoded before it
69 is put into the REMOTE_USER CGI variable. Use this if your ID can be
74 The following configuration snippet will setup the server to require
75 that client certs have the StrongExtranet extension, with an ID in
79 AuthType StrongExtranet
80 AuthName Test Extranet
83 SXNetGroupFile /etc/httpd/groups