Preface
As some of you know, I’m currently working in an environment that is very much about security in terms of “how do I determine for sure who is accessing my service while having all access encrypted”. Since grid computing (that’s what I’m currently doing) also is very much about Single-sign on and delegation of rights, username/password authentication schemes don’t quite do it for us. Thus, a PKI (public key infrastructure) based on X.509 is employed.
Huh?
Acronyms-a-plenty, you think. Well, it’s not so bad at all. What we call X.509 certificates is what you would call “SSL Certificates”.
The correct name for those certificates is “X.509 certificate” and that’s what I’m going to refer to. Whatever name you call the child, it is what you already know and probably use - the certificates that make you able to verify you’re actually buying at amazon.com. More generally speaking, X.509 certificates can be mutually used by servers and clients alike to authenticate themselves to the other party. We can exploit this feature to get away from traditional knowledge-based credentials towards possession-based credentials.
Continue reading "X.509 PKI login with PHP and Apache"
