For full detailed instructions and explanations, read the Apache Support pages.
1. Download and save this certificate bundle:
CA Bundle for Digi-Acess™
2. Open the httpd.conf file for editing and locate the Virtual Host section for your SSL secured site
3. Add the following directive line into your site/directory configuration section:
SSLOptions +StdEnvVars +ExportCertData
Once the StdEnvVars is enabled, the standard set of SSL related CGI/SSI environment variables are created. CGI and SSI requests are disabled by default. This is for performance reasons and we do not recommend changing this unless you are an experienced Apache Administrator. For further details and instructions, refer to the Apache Support page
4.Add the following directive line into your site/directory configuration section:
SSLVerifyClient require
This directive sets the certificate verification level for the Client Certificate Authentication. This directive can be used both on a per-server and a per-directory context. In the per-server context, the client authentication process is applied during the standard SSL handshake when a connection is established. In per-directory context, it forces the SSL re-negotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent. We recommend that you use the 'require' variable unless you are an experienced Apache Administrator. For further details and instructions, refer to the Apache Support page
5.Add the following directive line into your site/directory configuration section:
SSLVerifyDepth 10
This directive sets the depth of 10. This means that the client certificate has to be signed by a CA that is directly known to the server (i.e.: the CA's certificate is under SSLCACertificatePath). We recommend that you use the '10' variable unless you are an experienced Apache Administrator.
You can also add the following directive(s) to enable a customised authentication rule, if you choose the Apache web server to be the authentication level:
SSL Require
This directive specifies a general access requirement which has to be fulfilled in order to allow access. It's a very powerful directive because the requirement specification is an arbitrarily complex Boolean expression containing any number of access checks. We recommend do not recommend using this unless you are an experienced Apache Administrator. For further details and instructions, refer to the Apache Support page
Note:- If you are implementing a CGI application with Digi-Access™ some Apache versions may require the following directive to be present:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
For further details and instructions, refer to the Apache Support page
6. Save your httpd.conf file
7. Restart Apache
|
|
For full detailed instructions and screenshots, read the IIS Support pages.
1. Download and save these two certificates:
Digi-Sign Root CA
Digi-Sign CA Digi-Access™ Xs
2. On the server, click the Start button, select Run and type MMC, before clicking the 'OK' button
3. You should now be in the Microsoft Management Console and should follow these steps:
4. Now all you need to do is import the Digi-Access™ Root certificate, following these steps:
5. Then import the Digi-Access™ intermediate certificate, as follows:
6. Go to Windows Administrative Tools and open the properties window for the website that you have enabled SSL on. Open the Directory Security by right clicking on the Directory Security tab and then follow these steps:
7. Start Internet Services Manager, or open the MMC that contains the IIS snap-in.
|