Configuring a web server accessible with personal client certificates

Applying personal client certificates in Apache HTTPD 2.4


Add the following to httpd.conf

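# Server-wide default: do not request a client certificate
SSLVerifyClient      none
# CA chain used to verify client certificates
SSLCACertificateFile /../kreonet-ca-chain.pem

<Location />
    Require all granted
</Location>

<Location /secure>
    # -R matches the client IP address; requests from these two
    # addresses reach /secure without a client certificate
    <If     "-R 'AAA.BBB.CCC.DDD/32'">
    </If>
    <ElseIf "-R 'BBB.CCC.DDD.EEE/32'" >
    </ElseIf>
    <Else>
        # All other clients must present a certificate that verifies
        # against the CA file above
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Else>
</Location>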


References

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol

https://httpd.apache.org/docs/2.4/mod/core.html#elseif

https://superuser.com/questions/1055171/apache-and-support-for-per-directory-ca

https://www.cl.cam.ac.uk/~jw35/courses/using_https/html/x640.htm

https://httpd.apache.org/docs/2.4/ssl/ssl_compat.html


Mutual TLS

https://www.jacobbaek.com/1040

https://www.docusign.com/blog/dsdev-mutual-tls-stuff-know

https://developers.cloudflare.com/access/access-service-auth/mutual-tls-authentication