add client config

MichaelViveros · Jul 21, 2019 · 3d8b6cd · 3d8b6cd
1 parent 5b81bbe
commit 3d8b6cd
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,11 @@
 FROM httpd:2.4
 
 COPY server.crt server.key /usr/local/apache2/conf/
+COPY ca.crt /usr/local/apache2/conf/ssl.crt/ca-bundle.crt
 COPY httpd.conf /usr/local/apache2/conf/
 COPY httpd-ssl.conf /usr/local/apache2/conf/extra/
 
+ENV VERIFY_DEPTH 2
+ENV ALLOWED_CLIENT_S_DN 'dunder-mifflin.com'
+
 EXPOSE 443
diff --git a/httpd-ssl.conf b/httpd-ssl.conf
@@ -192,8 +192,8 @@ SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt"
 #   none, optional, require and optional_no_ca.  Depth is a
 #   number which specifies how deeply to verify the certificate
 #   issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth  10
+SSLVerifyClient require
+SSLVerifyDepth  ${VERIFY_DEPTH}
 
 #   TLS-SRP mutual authentication:
 #   Enable TLS-SRP and set the path to the OpenSSL SRP verifier
@@ -217,6 +217,9 @@ SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt"
 #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
 #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
 #</Location>
+<Location />
+Require expr "%{SSL_CLIENT_S_DN_CN} == osenv('ALLOWED_CLIENT_S_DN')"
+</Location>
 
 #   SSL Engine Options:
 #   Set various options for the SSL engine.