From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

SSL certificate based client authentication / mutual SSL authentication

SSL certificate based client authentication

Settings Apache:

SSLEngine on
SSLCertificateFile /home/frank/ssl/
SSLCertificateKeyFile /home/frank/ssl/
SSLCertificateChainFile /home/frank/ssl/RapidSSL_CA_bundle.neu.ct.pem
SSLCACertificateFile /home/frank/ssl/
#SSLVerifyClient require
#SSLVerifyClient optional
SSLVerifyClient optional_no_ca
SSLVerifyDepth 4
SSLOptions +StdEnvVars +ExportCertData

Creating the Client Certificate:

cp /etc/ssl/openssl.cnf ./openssl-for-signing-csrs.cnf
#countryName_default auf "AT" setzen ...
#< countryName = match
#< stateOrProvinceName = match
#< organizationName = match
#> countryName = supplied oder optional
#> stateOrProvinceName = supplied oder optional
#> organizationName = supplied oder optional
mkdir -p demoCA/newcerts
touch demoCA/index.txt
echo 1001 > demoCA/serial
openssl genrsa -out client.key 4096 -sha256
openssl req -new -key client.key -out client.csr
openssl ca -cert -keyfile -out client.crt -in client.csr -config openssl-for-signing-csrs.cnf
openssl pkcs12 -export -inkey client.key -name "Frank" -in client.crt -certfile -out client.p12

#PHP: ssltest.php



Was this answer helpful?

 Print this Article