Requiring a client certificate
If you want to secure your web site, you can configure your Apache 2 server to require a client certificate. You do this by adding the following options to the SSL host configuration:
SSLCACertificateFile /etc/ssl/private/CAcert.pem
SSLVerifyClient require
SSLVerifyDepth 10
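To create a client certificate, use the following commands (a 2048-bit key is used here because current OpenSSL builds and browsers reject 1024-bit RSA keys as too small):
openssl genrsa -out client.key 2048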
openssl req -new -key client.key -out client.csr
The created client.csr file has to be signed by your CA with the following command:
openssl x509 -req -days 365 -CA private/CAcert.pem -CAkey private/CAkey.pem -CAcreateserial -in client.csr -out client.crt
To create a PKCS#12 document from the client private key and the signed certificate:
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
The client.p12 file has to be imported into a browser to access your server.
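
The steps above, run non-interactively from start to finish, as an added example that is not part of the original page. It assumes a throwaway CA built in a temporary directory in place of private/CAcert.pem and private/CAkey.pem; the subjects, the export password, the clientAuth extension and the final verification step are constructed for the example.

```shell
P12_PASS='constructed-demo-pass'   # assumption: demo-only export password

# issue_client_bundle DIR: build CA, client key, CSR, cert and client.p12 in DIR
issue_client_bundle() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[client]
extendedKeyUsage = clientAuth
EOF
    (
        cd "$dir" || exit 1
        # Throwaway CA standing in for private/CAcert.pem and private/CAkey.pem
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config demo.cnf \
            -keyout CAkey.pem -out CAcert.pem 2>/dev/null || exit 1
        openssl genrsa -out client.key 2048 2>/dev/null || exit 1
        openssl req -new -key client.key -out client.csr -config demo.cnf \
            -subj "/CN=constructed-client" || exit 1
        openssl x509 -req -days 365 -CA CAcert.pem -CAkey CAkey.pem \
            -CAcreateserial -extfile demo.cnf -extensions client \
            -in client.csr -out client.crt 2>/dev/null || exit 1
        openssl pkcs12 -export -clcerts -in client.crt -inkey client.key \
            -out client.p12 -passout "pass:$P12_PASS" || exit 1
    )
}

# cert_trusted CAFILE CERT: succeed only if CERT chains to CAFILE as a TLS client
cert_trusted() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# p12_subject P12FILE: print the subject of the certificate inside the bundle
p12_subject() {
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject
}

work=$(mktemp -d)
issue_client_bundle "$work" && cert_trusted "$work/CAcert.pem" "$work/client.crt" &&
    p12_subject "$work/client.p12"
```

Running `cert_trusted` against the file named in SSLCACertificateFile before handing out client.p12 catches a certificate signed by the wrong CA, which the server would otherwise reject only at handshake time.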