--- /dev/null
+issuer :/C=AU/ST=Some-State/L=Somewhere/O=Linux Test Server/OU=Test Certificate/CN=localhost/Email=root@localhost
+subject:/C=AU/ST=Some-State/L=Somewhare/O=Linux Test Server/OU=Test Certificate/CN=localhost/Email=root@localhost
+serial :01
+
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=AU, ST=Some-State, L=Somewhere, O=Linux Test Server, OU=Test Certificate, CN=localhost/Email=root@localhost
+ Validity
+ Not Before: May 22 00:47:08 1999 GMT
+ Not After : May 21 00:47:08 2000 GMT
+ Subject: C=AU, ST=Some-State, L=Somewhare, O=Linux Test Server, OU=Test Certificate, CN=localhost/Email=root@localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b5:69:d7:83:50:91:13:b0:04:34:05:68:6d:61:
+ 48:76:b1:d6:7b:8a:10:1a:f3:66:8d:06:2b:fe:de:
+ 1e:22:c1:f2:ae:4e:0e:3a:a3:33:0e:ff:4f:19:d4:
+ 9a:6a:6f:94:34:d0:6a:74:3d:7c:a0:07:a8:a4:8a:
+ c4:2a:e2:89:62:ed:57:e0:9f:0c:24:1f:da:ab:e4:
+ 45:ad:b9:c4:27:19:da:d2:99:c3:c1:7c:04:31:fa:
+ 8b:be:40:44:ae:bf:bf:a0:8b:3c:d3:ff:5a:84:72:
+ d6:89:09:3e:0d:c5:bd:f4:b3:d1:49:48:22:00:76:
+ 06:71:b9:7d:bb:b4:2e:34:83
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 5d:98:a4:ab:74:ce:5c:0e:26:7a:59:fb:ba:04:d8:73:56:f3:
+ 26:61:60:2f:a6:47:e8:86:14:e1:be:30:67:6f:af:88:cc:20:
+ bc:f8:3c:6c:f0:1e:04:ba:e8:1c:63:62:0e:98:9e:2f:1f:d5:
+ ac:35:b6:fa:28:62:3c:04:3e:1d:69:cf:97:ab:d3:e1:9a:e7:
+ 65:ed:97:0a:83:08:75:4d:56:5c:21:d1:2f:9f:fd:c8:2c:cb:
+ c7:c0:10:4c:41:ca:a8:fc:55:e6:27:d9:b6:54:e2:88:f3:89:
+ e5:68:99:01:92:a1:88:ac:06:02:5c:9f:6c:53:92:38:72:69:
+ d9:a6
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
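Review bot: the certificate added here is unusable as a default on three counts visible in the text dump: it expired at `Not After : May 21 00:47:08 2000 GMT`, it is signed with `md5WithRSAEncryption`, and it carries a 1024-bit RSA key. If a placeholder is needed, generate it at install time rather than committing a fixed one, with a current validity window, a SHA-2 signature and a key of at least 2048 bits.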
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
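Review bot: a private key is committed in this hunk, so every installation built from the patch shares one key that anyone with the source can read. Such a key authenticates nothing, and traffic protected by RSA key exchange under it can be decrypted by any holder of the file. Drop the file from the patch and create the key in a post-install step, owned by root and not readable by other users.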
--- /dev/null
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]">
+ <title>Test Page for Mandrake Linux's Apache Installation</title>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+</head>
+<body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000">
+
+<center><a href="http://www.thawte.com/">
+<img SRC="http://www.thawte.com/certs/logos/thawte1.gif" BORDER=0></a>
+</center>
+
+<TITLE>About the Strong Extranet</TITLE>
+
+<H1> About the Strong Extranet</H1>
+<pre>
+The Strong Extranet allows you to use digital certificates to authenticate
+users on your web server. Typically, your users enroll in your Strong
+Extranet, under your control, through the Thawte Personal Cert System.
+
+BENEFITS OF THE STRONG EXTRANET
+
+ 1. SXNet certificates contain usernames. You can allocate these usernames
+ to users as required, and your server will extract the username from the
+ certificate when a user accesses your server. Your CGI scripts can
+ obtain the username in the same way they do so with password
+ authentication, through the REMOTE_USER environment variable.
+
+ 2. Low cost of CA. Thawte provides a full-server CA infrastructure for
+ your Strong Extranet users for $1000 per year for up to 10 000 users.
+ That's the lowest cost CA program, period.
+
+ 3. Full control and security. Users are enrolled in your Strong Extranet
+ under your full control. There are several enrollment methods with
+ different levels of security. Choose the one which suits your business
+ processes and requirements.
+
+MORE INFORMATION
+
+<A HREF="http://www.thawte.com/certs/strongextranet/">
+http://www.thawte.com/certs/strongextranet/</A>
+
+<HR>
+USING THE MODULE:
+
+ The module adds the following directives:
+
+ AuthType StrongExtranet
+ SXNetZone a number (the zone number)
+ SXNetGroupFile /path/to/groups/file
+ SXNetB64EncodeID on/off
+
+ "AuthType StrongExtranet" tells the server to use Strong Extranet
+ Authentication in that directory. It's the equivalent of
+ "AuthType Basic" or "AuthType Digest". Note that you need to
+ have turned ON client certificate requesting, and set the CA
+ details, as part of normal SSL configuration.
+
+ The SXNetZone is a single integer. It defines the zone in which
+ the client has to have an ID in order to gain access to the directory.
+ The Thawte ACME Test Zone is 2, so use that for demos.
+
+ The SXNetGroupFile is a file that can be used to put users in groups,
+ just like the standard Basic authentication mechanism.
+
+ SXNetB64EncodeID allows you to have the ID base64 encoded before it
+ is put into the REMOTE_USER CGI variable. Use this if your ID can be
+ 8-bit.
+
+Example:
+
+The following configuration snippet will setup the server to require
+that client certs have the StrongExtranet extension, with an ID in
+zone 23 embedded:
+
+ <Directory />
+ AuthType StrongExtranet
+ AuthName Test Extranet
+ SXNetB64EncodeID on
+ SXNetZone 23
+ SXNetGroupFile /etc/httpd/groups
+ require valid-user
+ </Directory>
+
+</PRE>
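Review bot: the configuration example near the end of this hunk will not render, because `<Directory />` and `</Directory>` are written as raw tags inside `<pre>` and a browser treats them as unknown elements. Escape them as `&lt;Directory /&gt;` and `&lt;/Directory&gt;`. While there, quote the realm (`AuthName "Test Extranet"`), since it contains a space, and consider an example path narrower than `/`, which applies the requirement to the whole filesystem.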
--- /dev/null
+LoadModule ssl_module /usr/lib/apache/libssl.so
+
+##--------------------------------------------------------------------------
+## Add additional SSL configuration directives which provide a
+## robust default configuration: virtual server on port 443
+## which speaks SSL.
+##--------------------------------------------------------------------------
+##
+## SSL Support
+##
+## When we also provide SSL we have to listen to the
+## standard HTTP port (see above) and to the HTTPS port
+##
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First either `none'
+# or `dbm:/path/to/file' for the mechanism to use and
+# second the expiring timeout (in seconds).
+#SSLSessionCache none
+#SSLSessionCache dbm:logs/ssl_scache
+SSLSessionCache shm:logs/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual explusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:logs/ssl_mutex
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+# Logging:
+# The home of the dedicated SSL protocol logfile. Errors are
+# additionally duplicated in the general error log file. Put
+# this somewhere where it cannot be used for symlink attacks on
+# a real server (i.e. somewhere where only root can write).
+# Log levels are (ascending order: higher ones include lower ones):
+# none, error, warn, info, trace, debug.
+SSLLog logs/ssl_engine_log
+SSLLogLevel info
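Review bot: `SSLRandomSeed startup builtin` and `SSLRandomSeed connect builtin` leave the PRNG seeded only from the built-in source, which yields very little entropy at startup, although the comment above them asks for seed data of good random quality. Enable the commented `file:/dev/urandom 512` lines at least for `startup`. Two smaller points: `SSLLog logs/ssl_engine_log` and `SSLMutex file:logs/ssl_mutex` are relative paths, so the symlink warning in the Logging comment holds only if `logs/` under the server root is writable by root alone, and "explusion" in the Semaphore comment should read "exclusion".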
+
--- /dev/null
+issuer :/C=AU/ST=Some-State/L=Somewhere/O=Linux Test Server/OU=Test Certificate/CN=localhost/Email=root@localhost
+subject:/C=AU/ST=Some-State/L=Somewhare/O=Linux Test Server/OU=Test Certificate/CN=localhost/Email=root@localhost
+serial :01
+
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=AU, ST=Some-State, L=Somewhere, O=Linux Test Server, OU=Test Certificate, CN=localhost/Email=root@localhost
+ Validity
+ Not Before: May 22 00:47:08 1999 GMT
+ Not After : May 21 00:47:08 2000 GMT
+ Subject: C=AU, ST=Some-State, L=Somewhare, O=Linux Test Server, OU=Test Certificate, CN=localhost/Email=root@localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b5:69:d7:83:50:91:13:b0:04:34:05:68:6d:61:
+ 48:76:b1:d6:7b:8a:10:1a:f3:66:8d:06:2b:fe:de:
+ 1e:22:c1:f2:ae:4e:0e:3a:a3:33:0e:ff:4f:19:d4:
+ 9a:6a:6f:94:34:d0:6a:74:3d:7c:a0:07:a8:a4:8a:
+ c4:2a:e2:89:62:ed:57:e0:9f:0c:24:1f:da:ab:e4:
+ 45:ad:b9:c4:27:19:da:d2:99:c3:c1:7c:04:31:fa:
+ 8b:be:40:44:ae:bf:bf:a0:8b:3c:d3:ff:5a:84:72:
+ d6:89:09:3e:0d:c5:bd:f4:b3:d1:49:48:22:00:76:
+ 06:71:b9:7d:bb:b4:2e:34:83
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 5d:98:a4:ab:74:ce:5c:0e:26:7a:59:fb:ba:04:d8:73:56:f3:
+ 26:61:60:2f:a6:47:e8:86:14:e1:be:30:67:6f:af:88:cc:20:
+ bc:f8:3c:6c:f0:1e:04:ba:e8:1c:63:62:0e:98:9e:2f:1f:d5:
+ ac:35:b6:fa:28:62:3c:04:3e:1d:69:cf:97:ab:d3:e1:9a:e7:
+ 65:ed:97:0a:83:08:75:4d:56:5c:21:d1:2f:9f:fd:c8:2c:cb:
+ c7:c0:10:4c:41:ca:a8:fc:55:e6:27:d9:b6:54:e2:88:f3:89:
+ e5:68:99:01:92:a1:88:ac:06:02:5c:9f:6c:53:92:38:72:69:
+ d9:a6
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
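Review bot: the `issuer` and `subject` lines differ by one letter (`L=Somewhere` against `L=Somewhare`), so this certificate does not present as self-signed, and no CA certificate with the issuer DN is visible in the patch. Clients have nothing to build a chain to. Either include the issuing test CA certificate and reference it in the SSL configuration, or issue a self-signed certificate with identical DNs if the spelling difference is a typo.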
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
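Review bot: this key hunk and the certificate hunk before it repeat the pair added earlier in the patch, which doubles the number of places a shared private key has to be found and removed later. If two copies are needed at install time, produce both from a single generation step instead of committing either.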
--- /dev/null
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.6 [en] (X11; I; Linux 2.2.9-23mdk i686) [Netscape]">
+ <title>Test Page for Mandrake Linux's Apache Installation</title>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+</head>
+<body text="#000000" bgcolor="#FFFFFF" link="#0000FF" vlink="#000080" alink="#FF0000">
+
+<center><a href="http://www.thawte.com/">
+<img SRC="http://www.thawte.com/certs/logos/thawte1.gif" BORDER=0></a>
+</center>
+
+<TITLE>About the Strong Extranet</TITLE>
+
+<H1> About the Strong Extranet</H1>
+<pre>
+The Strong Extranet allows you to use digital certificates to authenticate
+users on your web server. Typically, your users enroll in your Strong
+Extranet, under your control, through the Thawte Personal Cert System.
+
+BENEFITS OF THE STRONG EXTRANET
+
+ 1. SXNet certificates contain usernames. You can allocate these usernames
+ to users as required, and your server will extract the username from the
+ certificate when a user accesses your server. Your CGI scripts can
+ obtain the username in the same way they do so with password
+ authentication, through the REMOTE_USER environment variable.
+
+ 2. Low cost of CA. Thawte provides a full-server CA infrastructure for
+ your Strong Extranet users for $1000 per year for up to 10 000 users.
+ That's the lowest cost CA program, period.
+
+ 3. Full control and security. Users are enrolled in your Strong Extranet
+ under your full control. There are several enrollment methods with
+ different levels of security. Choose the one which suits your business
+ processes and requirements.
+
+MORE INFORMATION
+
+<A HREF="http://www.thawte.com/certs/strongextranet/">
+http://www.thawte.com/certs/strongextranet/</A>
+
+<HR>
+USING THE MODULE:
+
+ The module adds the following directives:
+
+ AuthType StrongExtranet
+ SXNetZone a number (the zone number)
+ SXNetGroupFile /path/to/groups/file
+ SXNetB64EncodeID on/off
+
+ "AuthType StrongExtranet" tells the server to use Strong Extranet
+ Authentication in that directory. It's the equivalent of
+ "AuthType Basic" or "AuthType Digest". Note that you need to
+ have turned ON client certificate requesting, and set the CA
+ details, as part of normal SSL configuration.
+
+ The SXNetZone is a single integer. It defines the zone in which
+ the client has to have an ID in order to gain access to the directory.
+ The Thawte ACME Test Zone is 2, so use that for demos.
+
+ The SXNetGroupFile is a file that can be used to put users in groups,
+ just like the standard Basic authentication mechanism.
+
+ SXNetB64EncodeID allows you to have the ID base64 encoded before it
+ is put into the REMOTE_USER CGI variable. Use this if your ID can be
+ 8-bit.
+
+Example:
+
+The following configuration snippet will setup the server to require
+that client certs have the StrongExtranet extension, with an ID in
+zone 23 embedded:
+
+ <Directory />
+ AuthType StrongExtranet
+ AuthName Test Extranet
+ SXNetB64EncodeID on
+ SXNetZone 23
+ SXNetGroupFile /etc/httpd/groups
+ require valid-user
+ </Directory>
+
+</PRE>
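Review bot: the document structure in this hunk is inconsistent: the head `<title>` reads "Test Page for Mandrake Linux's Apache Installation" while the page documents the Strong Extranet module, a second `<TITLE>` element sits inside `<body>`, and the file ends at `</PRE>` with no `</body>` or `</html>`. Set the head title to the page's subject, remove the body-level `<TITLE>`, and close the document.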