To have some directories on my server protected by more than a simple username and password, I wanted to use SSL and client certificates. I could easily restrict the directories to my local network IP-addresses, but when I’m “outside” that would present a problem. Hence the solution with client certificates.<\/p>\n
<\/p>\n
As I blogged earlier, I requested a real server certificate from the people at Xolphin<\/a>. Nice people, low prices, fast service. But…..you cannot create\/sign client certificates with such a certificate. You need the real certificate installed on the server, and you need to create a certificate that has been created\/signed by you as a fake Certificate Authority. The Fake CA has to be known to Apache and to your browser. Next the client certificate (created\/signed by the Fake CA) must be imported into your browser, and of course the directories you want to protect need to be in the SSL-configuration of Apache.<\/p>\n <\/p>\n Now that I know how it works, it is simple, but most guides on the internet either follow the Fake CA principle (so you don’t need to buy a real certificate) or they only use a real certificate. Spending money to have your SSL-certificate-supplier do the job for you is another thing. But this works. And for € 10 (excluding VAT) per year I now have a real server certificate, and I can further protect my server with my own certificates.<\/p>\n","protected":false},"excerpt":{"rendered":" To have some directories on my server protected by more than a simple username and password, I wanted to use SSL and client certificates. I could easily restrict the directories to my local network IP-addresses, but when I’m “outside” that would present a problem. Hence the solution with client certificates. As I blogged earlier, […]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[131,76,77,84],"class_list":["post-1198","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-internet","tag-security","tag-server","tag-weblog","category-1-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/posts\/1198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/comments?post=1198"}],"version-history":[{"count":3,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/posts\/1198\/revisions"}],"predecessor-version":[{"id":1201,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/posts\/1198\/revisions\/1201"}],"wp:attachment":[{"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/media?parent=1198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/categories?post=1198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.switchbl8.nl\/blog\/wp-json\/wp\/v2\/tags?post=1198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}