Hello,
We seem to have a problem with setting up TLS Client Certificate Authentication on our cPanel / WHM server. This system for authenticating users with x509 certificates is important, because there are government issued smartcards with such certificates. Using them for both registration, log in and access control is required.
While previous discussions about this kind of authentication haven't reached any meaningful conclusion, there is an old feature request about this topic:
SSLCACertificateFile and SSLCACertificatePath
Apache supports this kind of authentication and there are several related directives like:
I would prefer if WHM would have direct support for this authentication scheme. Preferably with some CAs trusted by default (and the ability to disable trusting them) and providing users the ability to trust other CAs.
We seem to have a problem with setting up TLS Client Certificate Authentication on our cPanel / WHM server. This system for authenticating users with x509 certificates is important, because there are government issued smartcards with such certificates. Using them for both registration, log in and access control is required.
While previous discussions about this kind of authentication haven't reached any meaningful conclusion, there is an old feature request about this topic:
SSLCACertificateFile and SSLCACertificatePath
Apache supports this kind of authentication and there are several related directives like:
- SSLVerifyClient
- SSLVerifyDepth
- SSLOptions
- SSLOCSPEnable
I would prefer if WHM would have direct support for this authentication scheme. Preferably with some CAs trusted by default (and the ability to disable trusting them) and providing users the ability to trust other CAs.
