webr3.org

A lighter way to configure Apache for FOAF+SSL

Just a snippet post to say that I've found a lighter (and imho preferable) way to configure Apache to accept client side SSL certificates (with regards to FOAF+SSL).

The Standard Way
This way essentially exports all SSL data, certs, client and server side if you read the notes has performance penalty.

SSLVerifyClient optional_no_ca
SSLVerifyDepth 1
SSLOptions +StdEnvVars
SSLOptions +ExportCertData


The Lighter Way
This way simply passes in the SSL_CLIENT_CERT in to the env REMOTE_USER and skips the rest which you don't use (for FOAF+SSL).

SSLVerifyClient optional_no_ca
SSLVerifyDepth 1
SSLUserName SSL_CLIENT_CERT


Tested and works very nicely (again, imho).

note: Enabling SSLOptions +FakeBasicAuth will overwrite this with the Subject from the client side certificate.

This entry was posted on 02/04/2010 (Friday) at 18:31 and is filed under apache, linked data, optimization. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Printed from: http://webr3.org/blog/optimization/a-lighter-way-to-configure-apache-for-foafssl/ .
© Your Name Here 2012.

Additional comments powered by BackType

• • webr3.org
  • experiments
  • nathan
  • Lifestream
  • Strips
  • twitter

• Archives

  • July 2011
  • April 2011
  • March 2011
  • January 2011
  • December 2010
  • November 2010
  • August 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009

• Recent

  • NOTIFY
  • Uniform Data
  • I live in the UK and...
  • The simplest view possible of httpRange-14.
  • A simple overview of httpRange-14
  • What does a URI name? agree?
  • The Social Graph, the other Graphs, and the pot of gold you're sitting on.
  • IdeaDump - 24 Hours in
  • a new open approach to business for 2011
  • RDF: Named Graphs -vs- Graph Literals

• Recent Comments

  • Rachel on I live in the UK and...
  • Nathan Hawks on I live in the UK and...
  • Owen Stephens on A simple overview of httpRange-14
  • Ed Summers on A simple overview of httpRange-14
  • azurus on RDF API, JSON Serialization and Standardization

• Lifestream

  • Liked David Korten: Walking Away From the King.

    — December 12th via Vimeo

    David Korten: Walking Away From the King
  • RT @webisteme: Presenting #Pebble: Mobile-based mutual credit in trust networks at #ccunconf http://www.pebbleapp.com [webr3]

    — December 6th via Twitter
  • interesting read: http://t.co/NB6HF9UA GiftPunk: A Twitter Tool for Giftcasting from @webisteme [webr3]

    — December 6th via Twitter
  • RT @RachelRixham: Quote of the Day "When one worries first about money, the trap is set. When one pursues one’s passion, all else falls ... [webr3]

    — December 6th via Twitter
  • impressed with @bluevia and their APIs see http://t.co/Hoa62Tdy and http://t.co/CY9YAHGs [webr3]

    — December 6th via Twitter
  • nice short slides on Native Device vs. Mobile Web Applications http://t.co/YJch5Ymu [webr3]

    — December 6th via Twitter
  • Liked Experience Human Flight.

    — November 26th via Vimeo

    Experience Human Flight
  • Liked 2 videos.

    — November 21st via Vimeo

    
  • Liked Earth | Time Lapse View from Space, Fly Over | NASA, ISS.

    — November 14th via Vimeo

    
  • RT @RachelRixham: Uh Oh Rioters strike in Edinburgh 10th August 2011 http://t.co/csZIJaK [webr3]

    — August 10th via Twitter

• Blogroll

  • jared tarbell – complexification
  • lee mccoll-sylvester

• Categories

  • apache
  • experiments
  • featured
  • Flash 10
  • flex
  • general
  • gotcha
  • haXe
  • internet
  • linked data
  • mysql
  • optimization
  • Perlin Noise
  • PHP
  • PixelBender
  • RDFa
  • secrets
  • semantic web
  • Uncategorized
  • video
  • virtuoso
  • youtube