Certificates

The cert access control rule allows access to a resource if the incoming request was signed with a valid client security certificate.

This allows remote machines access to resources that are otherwise private, without going through ARDI authentication.

This is considered one of the most secure methods of setting up a trust relationship between two endpoints. When combined with a whitelist, you can usually be very confident that the request is coming from a specific machine and user.

Properties

name: An optional regular expression matched against the common name of the client certificate. If this isn't provided, any valid certificate is accepted.

Basic Example

{
   "type": "cert",
   "name": "com.mycompany.*"
}

This restricts access to only requests that are signed with a certificate belonging to a system with a common name starting with 'com.mycompany.'.

Server Setup

By default, the Apache 2 webserver does not have client certificates enabled. To enable them, you'll need to make changes to configuration files.

Open your vhosts.conf file, found at /etc/apache2/sites-enabled/ardi in Linux, or \apache2\conf\extra\vhosts.conf in your ARDI install folder on Windows.

Under <VirtualHost *:443>, add the following lines…

  SSLCACertificateFile "path.to.certificate.chain"
  SSLVerifyClient optional
  SSLVerifyDepth 10
  SSLOptions +ExportCertData +StdEnvVars

Replace path.to.certificate.chain with the path to a CRT or PEM file containing the certificate chain that can be used to validate the client certificate.
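To tie the two halves of this page together, here is an added Python illustration of how a cert rule with a name regular expression could be evaluated against the variables that +StdEnvVars exports. This is example code, not ARDI's own rule engine: the function name, the evaluation order and the sample environment values are assumptions, while SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN_CN are the variable names Apache mod_ssl actually exports.

```python
import re

# Constructed samples of the environment Apache hands to the application when
# "SSLOptions +ExportCertData +StdEnvVars" is set. All values are made up.
SAMPLE_ENV_OK = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "com.mycompany.plant1.historian",
}
SAMPLE_ENV_NO_CERT = {"SSL_CLIENT_VERIFY": "NONE"}
SAMPLE_ENV_WRONG_NAME = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "com.othercorp.gateway",
}
# Unescaped "." in a regex matches any character, so this CN satisfies
# "com.mycompany.*" even though it is not in the com.mycompany namespace.
SAMPLE_ENV_DOT_TRICK = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "comXmycompanyZ",
}

# The rule exactly as written in the Basic Example above.
RULE = {"type": "cert", "name": "com.mycompany.*"}
# A stricter variant with the dots escaped so they only match literal dots.
STRICT_RULE = {"type": "cert", "name": r"com\.mycompany\..*"}


def cert_rule_allows(rule: dict, env: dict) -> bool:
    """Hypothetical evaluation of a {"type": "cert", ...} rule (not ARDI's code).

    Returns True only when Apache verified the client certificate against
    SSLCACertificateFile and its common name matches the rule's regex.
    """
    if rule.get("type") != "cert":
        return False
    # With "SSLVerifyClient optional" Apache still serves requests that carry
    # no certificate (NONE) or one that failed the chain check (FAILED:...),
    # so the rule has to inspect the verification result itself.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return False
    pattern = rule.get("name")
    if pattern is None:
        return True  # no name given: any valid certificate is accepted
    cn = env.get("SSL_CLIENT_S_DN_CN", "")
    # fullmatch anchors the regex to the whole common name, so a CN that only
    # contains the prefix somewhere in the middle does not pass.
    return re.fullmatch(pattern, cn) is not None


if __name__ == "__main__":
    for label, env in [("ok", SAMPLE_ENV_OK), ("no cert", SAMPLE_ENV_NO_CERT),
                       ("wrong name", SAMPLE_ENV_WRONG_NAME),
                       ("dot trick", SAMPLE_ENV_DOT_TRICK)]:
        print(f"{label:10s} loose={cert_rule_allows(RULE, env)} "
              f"strict={cert_rule_allows(STRICT_RULE, env)}")
```

Two points the sample makes visible: the rule only means something if the verification result is checked, because SSLVerifyClient optional lets requests without a valid certificate reach the application; and the name property is a regular expression, so write the pattern with escaped dots (com\.mycompany\..*) when you intend a literal namespace prefix rather than "any character".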

Restart Apache2 using Services in Windows, or service apache2 restart on Linux.