Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

TLS Client Certificate Authentication in PHP, under EasyAppache

Discussion in 'EasyApache' started by ICD2000, Oct 25, 2018.

  1. ICD2000

    ICD2000 Registered

    Oct 21, 2005
    Likes Received:
    Trophy Points:

    We seem to have a problem with setting up TLS Client Certificate Authentication on our cPanel / WHM server. This system for authenticating users with x509 certificates is important, because there are government issued smartcards with such certificates. Using them for both registration, log in and access control is required.

    While previous discussions about this kind of authentication haven't reached any meaningful conclusion, there is an old feature request about this topic:

    SSLCACertificateFile and SSLCACertificatePath

    Apache supports this kind of authentication and there are several related directives like:
    • SSLVerifyClient
    • SSLVerifyDepth
    • SSLOptions
    • SSLOCSPEnable
    It is about mutual authentication and is there to verify the identity of client in addition to verifying identity of the server.

    I would prefer if WHM would have direct support for this authentication scheme. Preferably with some CAs trusted by default (and the ability to disable trusting them) and providing users the ability to trust other CAs.
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @ICD2000,

    I encourage you to open a new feature request with the specifics of what you'd like to see added to the product:

    Submit A Feature Request

    In the meantime, you should be able to manually configure those Apache directives using virtual host include files for your domains. The following document explains how to setup custom Apache includes:

    Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

    The following CloudFlare document provides an example of how this might look:

    Setting up Apache to use TLS Authenticated Origin Pulls

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice