We are currently developing an apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient.
ATM, I am using a server-side shell script to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?
The best way to do this is to have the browser generate the key-pair and submit it to the server, where it's signed by your CA and a signed certificate is returned to the browser.
There's a JavaScript API to make the browser do that.
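
The overview of the CA's index.txt that the question asks for can be built by parsing the tab-separated records `openssl ca` writes there. The following is an added example, not code from the original post; the function names and the sample records are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the tab-separated layout `openssl ca` writes to index.txt:
# status flag, expiry, revocation time[,reason], serial, filename, subject DN.
SAMPLE_INDEX = (
    "V\t270101120000Z\t\t1000\tunknown\t/CN=alice/emailAddress=alice@example.test\n"
    "R\t270101120000Z\t250310093000Z,keyCompromise\t1001\tunknown\t/CN=bob\n"
    "V\t240101120000Z\t\t1002\tunknown\t/CN=carol\n"
)

def parse_time(value):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(value) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def parse_index(text, now=None):
    """Return one dict per certificate record, with an effective status."""
    now = now or datetime.now(timezone.utc)
    names = {"V": "valid", "R": "revoked", "E": "expired"}
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] not in names:
            raise ValueError(f"line {lineno}: not an index.txt record")
        flag, expiry, revoked, serial, _filename, subject = fields
        rev_time, _, reason = revoked.partition(",")
        status = names[flag]
        expires = parse_time(expiry)
        # A record keeps its "V" flag after the expiry date until
        # `openssl ca -updatedb` runs, so compare against the clock as well.
        if status == "valid" and expires <= now:
            status = "expired"
        entries.append({
            "serial": serial,
            "subject": subject,
            "status": status,
            "expires": expires,
            "revoked_at": parse_time(rev_time) if rev_time else None,
            "reason": reason or None,
        })
    return entries

if __name__ == "__main__":
    for e in parse_index(SAMPLE_INDEX):
        print(e["serial"], e["status"], e["subject"], e["reason"] or "")
```

Revocation itself still goes through `openssl ca -revoke` followed by `openssl ca -gencrl`, so that index.txt and the CRL stay consistent; the parser only reads the file.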