[users@httpd] Apache 2.2.3 and PKI Token certificate Authentication

[Saravanan Kannan <my...@gmail.com>]

Dear Apache users,

We need some guidance (or) installation steps on how to implement the PKI
token certificates with Apache Web Server 2.2.3 for authentication purposes.
Currently our production environment uses the iPlanet 6.1 webserver and
Weblogic 10.0 as the application layer. The iPlanet 6.1 webserver will be
migrated to Apache 2.2.3 and the PKI Token certificate will be configured
for the authentication. We currently do not have expertise in our group in
how to configure the Apache 2.2.3 webserver with the PKI token certification
for authentication. Any reference materials or steps invovled in configuring
the PKI Token certificate for authentication will be helpful.

OS = Linux ( SLES 10 MP2)
Apache Version = 2.2.3
Application = Custom J2EE application
Application Server = WebLogic 10.0

Thank you ,
Sarva

Re: [users@httpd] Apache 2.2.3 and PKI Token certificate Authentication

[Saravanan Kannan <my...@gmail.com>]

Dear Sander,

Thank you for the input we will try this in our development environment and
provide the results as soon as possible.I believe the Software version came
with the SuSE OS and check around if this can be updated.


Appreciate your help.

Regards,

Sarva

Re: [users@httpd] Apache 2.2.3 and PKI Token certificate Authentication

[Sander Temme <sc...@apache.org>]

Sarva, 

On Nov 3, 2010, at 9:31 AM, Saravanan Kannan wrote:

> We need some guidance (or) installation steps on how to implement the PKI token certificates with Apache Web Server 2.2.3 for authentication purposes. Currently our production environment uses the iPlanet 6.1 webserver and Weblogic 10.0 as the application layer. The iPlanet 6.1 webserver will be migrated to Apache 2.2.3 and the PKI Token certificate will be configured for the authentication. We currently do not have expertise in our group in how to configure the Apache 2.2.3 webserver with the PKI token certification for authentication. Any reference materials or steps invovled in configuring the PKI Token certificate for authentication will be helpful.


Apache comes with mod_ssl, which runs on top of OpenSSL.  OpenSSL uses PEM-encoded key and certificate files: it does not have the concept of a Token like iPlanet does.  

You need to export the key, certificate and certificate chain from the Token into PEM files for use by Apache.  

There is a module called mod_nss which uses the Netscape Security Library, the same crypto back-end used by iPlanet.  This should allow you to use the same Token that you currently use.  It was created by Red Hat, so I don't know if it's available on SuSE.  I have not tried it. 

> OS = Linux ( SLES 10 MP2)
> Apache Version = 2.2.3

Are you using Apache 2.2.3 as it came with your operating system?  If you downloaded and installed it yourself, keep in mind that 2.2.3 is quite old and we have released new versions since.  If you got it from SuSE, they will update it for you.

S.

-- 
Sander Temme
sctemme@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007  EE23 9BB8 63B0 F51B B88A

View my availability: http://tungle.me/sctemme




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org