TLS Client Certificate Authentication in PHP, under EasyAppache

ICD2000

Registered
Oct 21, 2005
1
0
151
Hello,

We seem to have a problem with setting up TLS Client Certificate Authentication on our cPanel / WHM server. This system for authenticating users with x509 certificates is important, because there are government issued smartcards with such certificates. Using them for both registration, log in and access control is required.

While previous discussions about this kind of authentication haven't reached any meaningful conclusion, there is an old feature request about this topic:

SSLCACertificateFile and SSLCACertificatePath

Apache supports this kind of authentication and there are several related directives like:
  • SSLVerifyClient
  • SSLVerifyDepth
  • SSLOptions
  • SSLOCSPEnable
It is about mutual authentication and is there to verify the identity of client in addition to verifying identity of the server.

I would prefer if WHM would have direct support for this authentication scheme. Preferably with some CAs trusted by default (and the ability to disable trusting them) and providing users the ability to trust other CAs.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello @ICD2000,

I encourage you to open a new feature request with the specifics of what you'd like to see added to the product:

Submit A Feature Request

In the meantime, you should be able to manually configure those Apache directives using virtual host include files for your domains. The following document explains how to setup custom Apache includes:

Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

The following CloudFlare document provides an example of how this might look:

Setting up Apache to use TLS Authenticated Origin Pulls

Thank you.