This package allows you to generate root certificates and signed certificates for various purposes (e.g. authentication).
You can install the package via composer:
composer require kerattila/laravel-x509-auth
Publish the config file by running:
php artisan vendor:publish --provider="Kerattila\X509Auth\X509AuthServiceProvider"
After publishing the configuration file, adjust the values according to your needs:
<?php
return [
    'workdir' => base_path(),
    // This should point to the user class
    'user_class' => \App\User::class,
    // Change this if you want to extend the original certificate class
    'certificate_class' => \Kerattila\X509Auth\Certificate\ClientCertificate::class,
    'middleware' => [
        // Enable or disable middleware
        'enabled' => true,
        'rules' => [
            /** SSL parameter === user field */
            'SSL_CLIENT_M_SERIAL' => 'username',
            'SSL_CLIENT_S_DN_Email' => 'email'
        ],
        // Automatically log in the user if the certificate matches a user
        'auto_login' => true
    ],
    'root_ca' => [
        'private_key_name' => 'root_ca_private', // Root certificate private key name
        'public_key_name' => 'root_ca_public', // Root certificate public key name
        'numbits' => 2048, // Key size in bits
        'days' => 365, // The validity time for the ROOT CA
        /** This will be converted to SSL subject /C=RO/ST=Mures/L=Targu Mures/O=ACME Corporation/CN=domain.com */
        'subject' => [
            'C' => 'RO', // 2 letter country code
            'ST' => 'Mures', // State
            'L' => 'Targu Mures', // Locality
            'O' => 'ACME Corporation', // Organization
            'CN' => 'domain.com' // Common name
        ]
    ],
    'signed_cert' => [
        'private_key_name' => 'private', // Private key name
        'public_key_name' => 'public', // Public key name
        'csr_key_name' => 'csr', // CSR (Certificate Signing Request) file name
        'numbits' => 2048, // Key size in bits
        'days' => 365, // Validity of the certificate
        /** This will be converted to SSL subject /C=RO/ST=Mures/L=Targu Mures/O=ACME Corporation/CN=domain.com */
        'subject' => [
            'C' => 'RO', // 2 letter country code
            'ST' => 'Mures', // State
            'L' => 'Targu Mures', // Locality
            'O' => 'ACME Corporation', // Organization
            'OU' => 'IT Department', // Organizational unit
            'CN' => 'domain.com', // Common name
            'emailAddress' => 'email@domain.com', // Email address
        ],
        // SAN - Subject alternative names
        'alt_names' => [
            'domain.com',
            'domain.net',
            'domain.eu'
        ]
    ]
];
# Forces the client to present a valid certificate; leave this out if SSL is optional to log in
SSLVerifyClient require
# Maximum depth for certificate check
SSLVerifyDepth 10
# Point this to the Root CA certificate (the public file), not the private key
SSLCACertificateFile {DOCROOT_CLIENT}/ssl/rootCA.crt.pem
# Creates the standard set of CGI/SSI environment variables that are related to SSL
SSLOptions +StdEnvVars
Add the \Kerattila\X509Auth\Middleware\X509::class middleware class to your application kernel:
<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * These middleware are run during every request to your application.
     *
     * @var array
     */
    protected $middleware = [
        \Kerattila\X509Auth\Middleware\X509::class,
        // ...
    ];
}
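How the `rules` mapping from the config lines up with the variables exported by `SSLOptions +StdEnvVars`, as an added example that is not the package's own middleware code. The function name `criteriaFromCertificate`, the fail-closed handling and the sample values are assumptions made for this illustration; the `SSL_CLIENT_VERIFY` check is what keeps unverified requests from being matched when `SSLVerifyClient require` is left out.

```php
<?php
// Added illustration, not the package's middleware: turn the configured
// rules (SSL variable => user field) into lookup criteria for the user model.

/**
 * @param array $server Server variables as exported by mod_ssl (+StdEnvVars)
 * @param array $rules  The 'middleware.rules' array from the config file
 * @return array|null   [user field => value], or null if the request must not be trusted
 */
function criteriaFromCertificate(array $server, array $rules): ?array
{
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    // Only SUCCESS means the chain was validated against SSLCACertificateFile.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }

    $criteria = [];
    foreach ($rules as $sslVariable => $userField) {
        $value = $server[$sslVariable] ?? '';
        if (!is_string($value) || $value === '') {
            // Assumption: every rule must match; a missing variable fails closed.
            return null;
        }
        $criteria[$userField] = $value;
    }
    return $criteria === [] ? null : $criteria;
}

$rules = [
    'SSL_CLIENT_M_SERIAL'   => 'username',
    'SSL_CLIENT_S_DN_Email' => 'email',
];

// Constructed sample requests (values are made up for this example).
$verified = [
    'SSL_CLIENT_VERIFY'     => 'SUCCESS',
    'SSL_CLIENT_M_SERIAL'   => '0A1B2C',
    'SSL_CLIENT_S_DN_Email' => 'email@domain.com',
];
$noCertificate = ['SSL_CLIENT_VERIFY' => 'NONE'];
$missingEmail  = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_M_SERIAL' => '0A1B2C'];

var_dump(criteriaFromCertificate($verified, $rules));
var_dump(criteriaFromCertificate($noCertificate, $rules));
var_dump(criteriaFromCertificate($missingEmail, $rules));
```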
php artisan x509auth:generate:root-ca {--dir=} {--private=} {--public=}
php artisan x509auth:generate:signed-certificate {--dir=} {--private=} {--public=} {--csr=} {--root-private=} {--root-public=} {--email=}
During certificate generation you will be asked to provide (optionally) a password to protect the certificate.
Note: All options are optional; fallback values are defined in the config file.