Skip to content

code-troopers/docker-apache-client-cert-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
certs
certs
 
 
vhosts
vhosts
 
 
Dockerfile
Dockerfile
 
 
README.adoc
README.adoc
 
 

Repository files navigation

Docker image to test Apache SSL Client Certificate

This is an exerpt from Kanboard base docker image (https://github.com/kanboard/docker-apache-client-certificate), kudos to original maintainer.

Create SSL certificates

Server certificate

To generate your server certificate (defaulting to localhost for local testing) :

CA and Server SSL certificate:

# Generate self-signed certificate CA
openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes \
-keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer

# Generate private server key
openssl genrsa -out server.key 2048

# Generate CSR
# Use hostname for CommonName
openssl req -config ./openssl.cnf -new -key server.key -out server.req

# Issue server certificate
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key \
-set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer

rm -f server.req

Client certificate

Either use the one you got from your CA or generate a new one.

Generate your client certificate

Client SSL certificate:

# Private key for client
openssl genrsa -out client.key 2048

# Generate client CSR
# Put the username as CommonName and the user email address
openssl req -config ./openssl.cnf -new -key client.key -out client.req

# Issue client certificate
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key \
-set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer
cp ca.cer clientca.crt

# Export client certificate
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12

rm -f client.key client.cer client.req

Either way you will need to put the certificate of the CA that generated your client certificate in the file clientca.crt before building the docker image, otherwise you’re at risk getting a handshake failure (due to an unknown issuer ca)

Run the test

If you want to build and run the docker image locally to test it, you can with the following commands :

docker build -t codetroopers/apache-client-cert-check . docker run -it --rm -p 443:443 codetroopers/apache-client-cert-check

If you don’t want to build it, you can use the prebuilt image by mounting the directory structure containing your certificates: docker run -it --rm -v $(pwd):/etc/apache2/ssl -p 443:443 codetroopers/apache-client-certcate-check

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

9 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published