Enabling a Public Apache Server to Read a Client Certificate

The following is a recipe to configure an Apache Web Server to accept and read self-signed SSL client certificates. This is one of the steps to implement the FOAF+SSL protocol as outlined by Henry Story.

1. Starting assumption is that your Apache server has SSL installed and working.

If not, this is covered in depth in many other places; the easiest way is to contact your web hoster to get this done.

2. Change the Apache httpd.conf to enable client certificates

You will need editing rights on your httpd.conf. Here are the changes I made in order to get things working:

SSLVerifyClient optional_no_ca
SSLVerifyDepth 1

Note: SSLCACertificateFile is not set, so self-signed certificates are not checked against the trusted CAs configured on the server.

3. Add the following to the .htaccess to make the SSL variables available to PHP

SSLOptions +StdEnvVars
SSLOptions +ExportCertData

4. How to test it

The following code should be able to print out diagnostic information:

<?php
print_r($_SERVER); // all SSL_* variables exported by mod_ssl (needs +StdEnvVars)
print_r(openssl_x509_parse($_SERVER['SSL_CLIENT_CERT'])); // PEM client certificate (needs +ExportCertData)

An example can be seen here: https://foaf.me/test.php
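Going one step beyond the print_r diagnostics, here is an added example (not code from the original post) that pulls out of the exported certificate the fields FOAF+SSL works with: the mod_ssl verification status, the validity dates, the WebID URIs from subjectAltName and the RSA public key parameters. It assumes the .htaccess options above are active and PHP 7.1 or later with the openssl extension; the function name client_cert_info is my own.

```php
<?php
// Added example: inspect the client certificate exported by mod_ssl.
// Returns null when no usable certificate was presented.
function client_cert_info(array $server): ?array {
    // With SSLVerifyClient optional_no_ca the handshake succeeds even when the
    // browser sends no certificate, so SSL_CLIENT_CERT may be absent or empty.
    if (empty($server['SSL_CLIENT_CERT'])) {
        return null;
    }
    $pem = $server['SSL_CLIENT_CERT'];
    // mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    // A self-signed certificate accepted through optional_no_ca shows up as
    // GENEROUS: it was NOT validated against any CA, so nothing about it is
    // trusted yet beyond "the client holds the matching private key".
    $verify = $server['SSL_CLIENT_VERIFY'] ?? 'NONE';

    $cert = openssl_x509_parse($pem);
    if ($cert === false) {
        return null;
    }
    // CA verification was skipped, so check the validity period ourselves.
    $now = time();
    $inDate = $cert['validFrom_time_t'] <= $now && $now <= $cert['validTo_time_t'];

    // subjectAltName arrives as one string, e.g. "URI:https://example.org/#me, email:..."
    // FOAF+SSL places the WebID in a URI entry; split on ':' at most once so the
    // scheme separator inside the URI survives.
    $webids = [];
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $parts = array_map('trim', explode(':', $entry, 2));
        if (count($parts) === 2 && $parts[0] === 'URI') {
            $webids[] = $parts[1];
        }
    }
    // RSA modulus and exponent: the values the FOAF document has to match.
    $pub = openssl_pkey_get_public($pem);
    $details = $pub !== false ? openssl_pkey_get_details($pub) : false;
    return [
        'verify'    => $verify,
        'subject'   => $cert['name'],
        'in_date'   => $inDate,
        'webids'    => $webids,
        'modulus'   => isset($details['rsa']['n']) ? bin2hex($details['rsa']['n']) : null,
        'exponent'  => isset($details['rsa']['e']) ? bin2hex($details['rsa']['e']) : null,
    ];
}

header('Content-Type: text/plain');
$info = client_cert_info($_SERVER);
echo $info === null ? "No client certificate presented\n" : print_r($info, true);
```

A result with verify GENEROUS and in_date true only proves possession of the key; whether that key belongs to the claimed WebID is what the FOAF lookup in the rest of the protocol has to establish.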


If you think there’s a way to improve any of these steps please feel free to let me know.
