
Re: HOWTO Configure Apache for SSL with DoD CAC Authentication on Ubuntu 9.04


For RedHat, as of 1/26/2012:

1) Get the certificates from the DOD:

# wget http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.p7b
# wget http://dodpki.c3pki.chamb.disa.mil/dodeca.p7b
# wget http://dodpki.c3pki.chamb.disa.mil/dodeca2.p7b

2) Convert to Apache format:

# openssl pkcs7 -inform DER -outform PEM -in rel3_dodroot_2048.p7b -out rel3_dodroot_2048.pem -print_certs
# openssl pkcs7 -inform DER -outform PEM -in dodeca.p7b -out dodeca.pem -print_certs
# openssl pkcs7 -inform DER -outform PEM -in dodeca2.p7b -out dodeca2.pem -print_certs

3) Consolidate them into one file:

# cat dodeca2.pem dodeca.pem rel3_dodroot_2048.pem > dod-root-certs.pem

4) Put them all into certs file:

# cp dodeca2.pem dodeca.pem rel3_dodroot_2048.pem dod-root-certs.pem /etc/pki/tls/certs

5) Modify the Apache configuration file (/etc/httpd/conf.d/ssl.conf) by setting the following:

SSLVerifyClient require
SSLVerifyDepth 2
SSLCertificateFile /etc/ssl/certs/<your-host-name>.crt
SSLCertificateKeyFile /etc/ssl/certs/<your-host-name>.pem
SSLCACertificateFile /etc/ssl/certs/dod-root-certs.pem

6) Restart Apache:

# service httpd restart
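
Added example, not part of the original comment: a check to run on the consolidated bundle from step 3 before pointing SSLCACertificateFile at it. It reads only the `subject=`/`issuer=` lines that `openssl pkcs7 -print_certs` writes above each PEM block and reports the longest CA chain, which is the value to compare with SSLVerifyDepth. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment.
# Reads the subject=/issuer= text lines only; it does not parse the
# certificates themselves or check any signature.

# bundle_summary FILE -> "certs=N roots=R orphans=O depth=D"
#   roots   : self-issued entries (subject == issuer)
#   orphans : entries whose issuer is not in the file
#   depth   : longest CA chain found (compare with SSLVerifyDepth)
bundle_summary() {
    awk '
        /^subject=/ { sub(/^subject= */, ""); subj = $0; next }
        /^issuer=/  { sub(/^issuer= */, "");  iss[subj] = $0; next }
        /^-----BEGIN CERTIFICATE-----/ { certs++ }
        END {
            for (s in iss) {
                if (iss[s] == s) roots++
                else if (!(iss[s] in iss)) orphans++
                # Walk towards the root; cap the walk so a loop cannot hang.
                n = 1; cur = s
                while (iss[cur] != cur && (iss[cur] in iss) && n < 10) {
                    cur = iss[cur]; n++
                }
                if (n > depth) depth = n
            }
            printf "certs=%d roots=%d orphans=%d depth=%d\n",
                   certs, roots, orphans, depth
        }' "$1"
}

# Constructed sample: two issuing CAs under one root, placeholder bodies.
write_sample_bundle() {
    cat > "$1" <<'EOF'
subject=CN=Constructed Issuing CA 2
issuer=CN=Constructed Root CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
subject=CN=Constructed Issuing CA 1
issuer=CN=Constructed Root CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
subject=CN=Constructed Root CA
issuer=CN=Constructed Root CA
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
EOF
}
```

On the server, source the file and run `bundle_summary /etc/pki/tls/certs/dod-root-certs.pem`. A non-zero `orphans` count means a CA in the file chains to an issuer that is not in it, and a `depth` above the configured SSLVerifyDepth means client certificates from the deepest CA will fail verification.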

