I have spent some time this weekend investigating SSL certificate-based authentication and implementing it in Kolab web-based user interface.
This topic is very interesting, but definitely too broad to be briefly described in a single blog post, so do not look at it as complete solution, but treat it only as a proof of concept.
Table of contents
- Prepare Certification Authority
- Configure Certification Authority
- Initialize Certification Authority
- Create root certificate
- Create server certificate
- Create client certificate
Kolab - Web-based user interface
Prepare Certification Authority
At first you need to create Certification Authority on an off-line, and secured system.
I have already created required shell scripts (miniature-octo-ca) to ease the whole operation, so just clone the following repository and move it to the CA system.
$ git clone https://github.com/milosz/miniature-octo-ca.git Cloning into 'miniature-octo-ca'... remote: Counting objects: 10, done. remote: Compressing objects: 100% (7/7), done. remote: Total 10 (delta 2), reused 10 (delta 2) Unpacking objects: 100% (10/10), done.
Please remember to change working directory before executing any available shell script.
$ cd miniature-octo-ca
Configure Certification Authority
The next step is to configure CA by using
common-ca-settings.sh configuration file.