Last updated: Mon, 16 Sep 2024

Authenticated debug sessions, prerequisites

Create openssl-ca.cnf configuration file:
    HOME            = .
    RANDFILE        = $ENV::HOME/.rnd

    ####################################################################
    [ ca ]
    default_ca       = CA_default            # The default ca section

    [ CA_default ]
    default_days     = 365                   # How long to certify signature for
    default_crl_days = 30                    # How long before next CRL
    default_md       = sha256                # Use public key default MD
    preserve         = no                    # Keep passed DN ordering
    x509_extensions  = ca_extensions         # The extensions to add to the cert
    email_in_dn      = no                    # Don't concat the email in the DN
    copy_extensions  = copy                  # Required to copy SANs from CSR to cert
    base_dir         = .
    certificate      = $base_dir/cacert.pem  # The CA certificate
    private_key      = $base_dir/cakey.pem   # The CA private key
    new_certs_dir    = $base_dir             # Location for new certs after signing
    database         = $base_dir/index.txt   # Database index file
    serial           = $base_dir/serial.txt  # The current serial number
    unique_subject   = no                    # Set to 'no' to allow creation of
                                             # several certificates with the same subject.

    ####################################################################
    [ req ]
    default_bits       = 4096
    default_keyfile    = cakey.pem
    distinguished_name = ca_distinguished_name
    x509_extensions    = ca_extensions
    string_mask        = utf8only

    ####################################################################
    [ ca_distinguished_name ]
    commonName         = Common Name (e.g. your CA name)
    commonName_default = Test CA Department

    ####################################################################
    [ ca_extensions ]
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid:always, issuer
    basicConstraints       = critical, CA:true
    keyUsage               = keyCertSign, cRLSign

    ####################################################################
    [ signing_policy ]
    commonName = supplied

    ####################################################################
    [ signing_req ]
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid,issuer
    basicConstraints       = CA:FALSE
    keyUsage               = digitalSignature, keyEncipherment

Create a CA certificate using the openssl command below:
    openssl req -x509 -days 3653 -config openssl-ca.cnf -newkey rsa -sha256 -nodes -outform PEM -out cacert.pem
where
  • openssl-ca.cnf is the configuration file created above
  • -newkey rsa -outform PEM mean that an RSA key will be created and saved in PEM format
  • cacert.pem is the name of the CA certificate file to be created
The CA certificate created with the configuration above will be used to sign client certificates for SSL authentication and to authenticate clients on the server side. It is valid for 10 years. After that time a new CA certificate should be created.
The CA certificate file cacert.pem is created together with the cakey.pem private key. Warning: cakey.pem is sensitive material. The -nodes option writes it to disk unencrypted, so keep it readable only by the CA operator.
Create two files: index.txt to keep track of signed certificates, and serial.txt to hold the next serial number to be assigned to a signed client certificate. For example, to start with serial number 1000, put 03E8 (the hex representation of 1000) as text into the serial.txt file.
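The CA directory preparation and a check of the generated CA material, as an added shell example that is not part of the original page or NuSphere's own code. The function names, the script name ca-prep.sh and the 90-day expiry warning are assumptions; the file names come from the configuration above.

```sh
#!/bin/sh
# Added example (not NuSphere's code); function names are hypothetical.
# Decimal serial -> even-length upper-case hex, the form serial.txt holds.
serial_hex() {
    h=$(printf '%X' "$1")
    # Left-pad to an even digit count, as the page's 03E8 for 1000 does.
    if [ $(( ${#h} % 2 )) -eq 1 ]; then h="0$h"; fi
    printf '%s\n' "$h"
}

# Create index.txt and serial.txt in CA directory $1, first serial $2 (decimal).
# Existing files are left alone so issued serial numbers are never reused.
init_ca_db() {
    dir=$1; start=$2
    (
        umask 077                     # files readable by the CA operator only
        mkdir -p "$dir" && cd "$dir" || exit 1
        [ -e index.txt ]  || : > index.txt
        [ -e serial.txt ] || serial_hex "$start" > serial.txt
    )
}

# True only if file $1 grants nothing to group or others.
key_is_private() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Run after the page's "openssl req -x509 ..." command; needs openssl in PATH.
check_ca() {
    crt=$1/cacert.pem; key=$1/cakey.pem
    key_is_private "$key" || { echo "cakey.pem is readable by group/others" >&2; return 1; }
    # The certificate must carry the CA flag from [ ca_extensions ].
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' ||
        { echo "cacert.pem is not a CA certificate" >&2; return 1; }
    # Certificate and private key must hold the same public key.
    c=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$c" = "$k" ] || { echo "cacert.pem does not match cakey.pem" >&2; return 1; }
    # 7776000 s = 90 days: warn early enough to roll out a new CA.
    openssl x509 -in "$crt" -noout -checkend 7776000 >/dev/null ||
        echo "cacert.pem expires within 90 days" >&2
}

# Usage: ./ca-prep.sh init [dir] [first-serial]   or   ./ca-prep.sh check [dir]
case "${1:-}" in
    init)  init_ca_db "${2:-.}" "${3:-1000}" ;;
    check) check_ca "${2:-.}" ;;
esac
```

Run the init step before signing the first client certificate and the check step after creating cacert.pem.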


Create openssl-client.cnf configuration file for client SSL certificates with the following content:
    HOME            = .
    RANDFILE        = $ENV::HOME/.rnd

    ####################################################################
    [ req ]
    default_bits       = 4096
    default_keyfile    = clientkey.pem
    distinguished_name = client_distinguished_name
    req_extensions     = client_req_extensions
    string_mask        = utf8only

    ####################################################################
    [ client_distinguished_name ]
    commonName         = Common Name (client name)
    commonName_default = Test Auth Client

    ####################################################################
    [ client_req_extensions ]
    subjectKeyIdentifier = hash
    basicConstraints     = CA:FALSE
    keyUsage             = digitalSignature, keyEncipherment
    nsComment            = "NuSphere PhpED client auth certificate"

This configuration file is needed on the client side to create a certificate signing request (CSR).


