WordPress.org

Ready to get started?Download WordPress

Plugin Directory

Client Certificate Authentication

Authenticating with a SSL Client Certificate by using the email address. Optionally, new accounts can be created with the name from the certificate.

How should I set up client certificate authentication?

This depends on your hosting environment and your means of authentication. The plugin uses the $_SERVER environment variables SSL_CLIENT_S_DN_Email (beginning with) for the email address and SSL_CLIENT_S_DN_CN for the name. A working example is given below:

In Apache HTTP (non-HTTPS) config add:

RewriteEngine On
RewriteRule ^/(wp-(admin|login\.php).*) https://%{HTTP_HOST}/$1

In Apache HTTPS config:

<Location /wp-login.php>
    SSLVerifyClient optional
    <IfModule mod_rewrite.c>
        RewriteEngine   on
        RewriteCond  %{HTTP_USER_AGENT}  .*Safari.*
        RewriteCond  %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
        RewriteRule  .* /wp-admin [redirect,last]
    </IfModule>
</Location>
<Location /wp-admin>
    SSLVerifyClient require
</Location>

Also make sure to set SSLCACertificatePath and enable CRL checks.

Requires: 3.1 or higher
Compatible up to: 3.5.2
Last Updated: 2013-7-17
Downloads: 647

Ratings

5 stars
5 out of 5 stars

Support

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1
100,1,1