Voting

Please answer this simple SPAM challenge: min(two, four)?
(Example: nine)

The Note You're Voting On

chris at schaake dot nu
12 years ago
A simple script for SSL Client Certificate authentication with a basic authentication fall-back. I use this on my site using LDAP server to check username/passwords and client certificate to user mapping.

<?
// Check if and how we are authenticated
if ($_SERVER['SSL_CLIENT_VERIFY'] != "SUCCESS") { // Not using a client certificate
   
if ((!$_SERVER['PHP_AUTH_USER']) && (!$_SERVER['PHP_AUTH_PW'])) { // Not logged in using basic authentication
       
authenticate(); // Send basic authentication headers
   
}
}

if (
$_SERVER['SSL_CLIENT_S_DN_CN'] != "chris") { // Check CN name of cert

   
if (!(($_SERVER['PHP_AUTH_USER'] == "test") && ($_SERVER['PHP_AUTH_PW'] == "123"))) { // Check username and password
       
authenticate(); // Send basic authentication headers because username and/or password didnot match
   
}
}

phpinfo();

// Call authentication display
function authenticate() {
   
Header("WWW-Authenticate: Basic realm=Website");
       
Header("HTTP/1.0 401 Unauthorized");
       
error401();
        exit;
}
?>

See my website (http://www.schaake.nu/index.php?page=/manuals/sslmanual.xml) for more details on client certificate with Apache and PHP.

<< Back to user notes page

To Top