SSL Client Auth Example question
Added by Jeff Flesher over 11 years ago
Do you need to have Apache set up on the machine if you are only using wt-httpd in the methods in your example SSLClientAuth?
I have set up a self-signed cert, and I am using QtCreator with the run command:
--docroot . --http-address 0.0.0.0 --http-port 8080 --ssl-certificate /etc/httpd/conf/server.crt --ssl-private-key /etc/httpd/conf/server.key --ssl-tmp-dh=projects/ssl/dh512.pem --ssl-enable-v3 --ssl-client-verification=required --ssl-verify-depth=15 --ssl-ca-certificates=/etc/httpd/conf/server.crt
Note: I do not have ssl-tmp-dh, nor do I know if it's required, but I get the same results without it; in fact, the same with just --docroot . --http-address 0.0.0.0 --http-port 8080,
which makes me wonder if I am doing this right.
I used this script to create the Cert:
cd /etc/httpd/conf/
sudo openssl genrsa -out server.key 4096
sudo chmod 600 server.key
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
and it checked out OK, so the paths to the cert are there and verified.
I hit the code message:
Not an SSL session, or no client certificate available. Please read the readme file in examples/feature/client-ssl-auth for more info.
Then I tried to get more info by doing this:
Wt::WValidator::Result results = sslInfo->clientVerificationResult();
new Wt::WText("Not an SSL session, or no client certificate available. Please read the readme file in examples/feature/client-ssl-auth for more info." + results.message(), root());
This didn't work, or it's not the right way to do it; any clue which one?
After a long recovery from being hit in the head by a Micro Meteorite, I am back to working on the Witty Wizard CMS,
I do not want to have Apache installed for security reasons,
I want to require a public/private cert, but do not want it to bomb if it's not there,
but if it is, give the user a button to log in using the server's users,
so I can log in as root, and run root commands from the web page,
like Virtualmin or cPanel,
so I can maintain the server from the CMS,
so I was wondering if you have a function to authenticate using local users on the server it's run from?
If this requires Apache, is there a workaround to make something like this work without?
What I need is the most secure way to log in as root and run root commands.
Thanks