GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ingria → laravel-x509-auth

ingria / laravel-x509-auth

Licence: MIT license
Client certificate authentication middleware for Laravel 5

Programming Languages

PHP
23972 projects - #3 most used programming language

Labels

middlewarelaravelauthenticationx509client-certificate

Projects that are alternatives of or similar to laravel-x509-auth

Kingsly
Your own x.509 cert manager
Stars: ✭ 60 (+76.47%)
Mutual labels:  x509
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (+297.06%)
Mutual labels:  x509
Zlint
X.509 Certificate Linter focused on Web PKI standards and requirements.
Stars: ✭ 190 (+458.82%)
Mutual labels:  x509
X509
Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs
Stars: ✭ 68 (+100%)
Mutual labels:  x509
Certidude
Easy to use Certificate Authority web service for OpenVPN, StrongSwan and HTTPS
Stars: ✭ 108 (+217.65%)
Mutual labels:  x509
Cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Stars: ✭ 2,151 (+6226.47%)
Mutual labels:  x509
X509
A PHP library for X.509 public key certificates, attribute certificates, certification requests and certification path validation.
Stars: ✭ 27 (-20.59%)
Mutual labels:  x509
Jsrsasign
The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token in pure JavaScript.
Stars: ✭ 2,760 (+8017.65%)
Mutual labels:  x509
Botan
Cryptography Toolkit
Stars: ✭ 1,798 (+5188.24%)
Mutual labels:  x509
Pspki
PowerShell PKI Module
Stars: ✭ 189 (+455.88%)
Mutual labels:  x509
Icingaweb2 Module X509
Keeps track of certificates as they are deployed in a network environment.
Stars: ✭ 78 (+129.41%)
Mutual labels:  x509
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (+176.47%)
Mutual labels:  x509
Acmetool
🔒 acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Stars: ✭ 1,882 (+5435.29%)
Mutual labels:  x509
Certlint
X.509 certificate linter, written in Go
Stars: ✭ 60 (+76.47%)
Mutual labels:  x509
Go Guardian
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.
Stars: ✭ 204 (+500%)
Mutual labels:  x509
Cl Tls
An implementation of TLS and related specifications in Common Lisp
Stars: ✭ 32 (-5.88%)
Mutual labels:  x509
Phpasn1
A PHP library to encode and decode arbitrary ASN.1 structures using ITU-T X.690 encoding rules.
Stars: ✭ 136 (+300%)
Mutual labels:  x509
win-ca
Get Windows System Root certificates
Stars: ✭ 78 (+129.41%)
Mutual labels:  x509
Asn1crypto
Python ASN.1 library with a focus on performance and a pythonic API
Stars: ✭ 220 (+547.06%)
Mutual labels:  x509
Dart Basic Utils
A dart package for many helper methods fitting common situations
Stars: ✭ 153 (+350%)
Mutual labels:  x509
View All Similar Projects ➔

Client certificate authentication middleware for Laravel 5

Also known as X.509 client authentication.

How does it work

  1. You have a user in your app. For example, Admin:[email protected]
  2. You generate a certificate for that user. Make sure you're using [email protected] for certificate's emailAddress field.
  3. This package allows Admin to use your app without ever logging in.
  4. All users including Admin can still use plain password auth.

Pro tip: you can also use any other certificate attributes for authentication, not only emailAddress (like id or username). I don't think you need this package in that case, but anyway 🤷.

Prerequisites

Please don't blindly copy-paste the commands. It's important for you to know what you're doing.

1. Generate CA and Client certificate

Generating Certificate Authority:

openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Generating client certificate and signing it with your CA. When asked for the email, enter email of your app's user which will be autheticated with this certificate.

openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Optionally, generate a PKCS certificate to be installed into the browser, mobile or whatever:

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

2. Configure your web-server

This example is for NGINX with FastCGI.

server {
    ...
    ssl_client_certificate /etc/nginx/certs/Your_CA_Public_Key.crt;
    ssl_verify_client optional;

    location ~ \.php$ {
        ...
        fastcgi_param SSL_CLIENT_VERIFY    $ssl_client_verify;
        fastcgi_param SSL_CLIENT_S_DN      $ssl_client_s_dn;
    }
}

You can also add pass some other useful params, see resources below.

Resources

Installation

1. Install the package

This assumes that you have composer installed globally:

composer require ingria/laravel-x509-auth

2. Register middleware

Add \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class to your routeMiddleware array in app/Http/Kernel.php.

For example, you can call it auth.x509, by analogy with Laravel's auth.basic name:

// app/Http/Kernel.php

...
protected $routeMiddleware = [
    // a whole bunch of middlewares...
    'auth.x509' => \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class,
];

Resources

Usage

Just add the middleware's name to any route or controller instead of default auth. For example:

// routes/web.php

Route::get('/', 'YourController@method')->middleware('auth.x509');

Resources

License

The MIT License (MIT). Please see License File for more information.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].