I am having difficulty understanding how to use
.
I could not find the demo for it, which is used for authentication. When I add the <
Mozilla has some working examples here:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen
My explanations come from this PHP/Apache example. It's a simplified explanation; look at the original example for full details.
The client generates a public key for the server and keeps a private key.
    <form>
      <keygen name="pubkey" challenge="randomchars">
      <input type="submit" name="createcert" value="Generate">
    </form>
The public key is extracted by the server:
    $key = $_REQUEST['pubkey'];
The server builds a client certificate:
    $command = "/usr/bin/openssl ca -config ".$opensslconf." -days ".$days." -notext -batch -spkac ".$certfolder.$uniq.".spkac -out ".$certfolder.$uniq." -passin pass:'".$capw."' 2>&1";
    $output = shell_exec($command);
and sends it back to the client.
You can then configure Apache to allow access to authenticated clients:
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile /etc/CA/certs-pub/domain.der
    SSLCertificateKeyFile /etc/CA/certs-priv/domain.pem
    SSLCACertificateFile /etc/CA/certs-pub/ca.pem
    SSLCARevocationFile /etc/CA/crl/cacrl.pem
    <Location /secure_area/>
      SSLVerifyClient require
      SSLVerifyDepth 1
    </Location>
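
An added example, not part of the answer above or of the original PHP/Apache example: one way to check the submitted `pubkey` and produce the contents of the `.spkac` file that the `openssl ca -spkac` command reads. The function name `build_spkac_file`, its parameters and the sample DN values are assumptions, and the sample SPKAC is constructed with a throwaway key in place of a browser.

```php
<?php
// Added example: validate a <keygen> submission before handing it to `openssl ca -spkac`.
// build_spkac_file() and its parameters are hypothetical names, not from the original example.

function build_spkac_file(string $pubkey, string $expectedChallenge, array $dn): string
{
    // The posted value may be line-wrapped; drop whitespace, then allow base64 characters only.
    $spkac = preg_replace('/\s+/', '', $pubkey);
    if ($spkac === '' || !preg_match('#^[A-Za-z0-9+/]+={0,2}$#', $spkac)) {
        throw new InvalidArgumentException('pubkey is not base64');
    }
    // The SPKAC is signed with the newly generated private key: check that signature.
    if (!openssl_spki_verify($spkac)) {
        throw new InvalidArgumentException('SPKAC signature check failed');
    }
    // The signed challenge must be the one this server placed in the form.
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expectedChallenge, $challenge)) {
        throw new InvalidArgumentException('challenge mismatch');
    }
    // The .spkac file is line-based "name=value"; refuse values that could add lines.
    $lines = ['SPKAC=' . $spkac];
    foreach ($dn as $field => $value) {
        if (!preg_match('/^[A-Za-z]+$/', $field) || preg_match('/[\r\n\0]/', $value)) {
            throw new InvalidArgumentException("bad DN field $field");
        }
        $lines[] = $field . '=' . $value;
    }
    return implode("\n", $lines) . "\n";
}

// Constructed sample input: a throwaway RSA key stands in for the browser's key pair.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$posted = substr(openssl_spki_new($key, 'randomchars', OPENSSL_ALGO_SHA256), strlen('SPKAC='));

// Accepted: signature verifies and the challenge matches.
echo build_spkac_file($posted, 'randomchars', ['CN' => 'Example User', 'emailAddress' => 'user@example.com']);

// Rejected: same SPKAC, but the server expected a different challenge.
try {
    build_spkac_file($posted, 'otherchallenge', ['CN' => 'Example User']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Using a fresh random challenge per form and comparing it here keeps a previously captured SPKAC from being resubmitted.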