SSL in Authentication

rangalo

Hello all,

I want to use SSL in user authentication. Can anybody tell me how should i go about it ?

thanks

dalecosp

That's a real general question.

Here's a real general answer:

a] Write an authentication script, preferably in PHP.

b] Install a secure server, such as Apache+mod_ssl.

c] Place script a] on server b] ....

MarkR

Go and read some tutorials for your web server, as to how to set it up.

In the case of Apache (2.0), you need to set up mod_ssl to accept client certificates, and check them against a trusted root certificate. Then you can authenticate based on the CN of the certificate or whatever (I think).

Note that you probably don't really wan to use SSL for authentication. It requires a high administrative overhead to securely issue and distribute the client certificates.

If you don't already have a PKI setup in place for creation / distribution of SSL client certificates, you should probably not bother.

Mark