Laravel 5 Client Certificate auth middleware
ingria/laravel-x509-auth is a Laravel package for laravel 5 client certificate auth middleware.
It currently has 37 GitHub stars and 5.681 downloads on Packagist (latest version v1.1.0).
Install it with composer require ingria/laravel-x509-auth.
Discover more Laravel packages by ingria
or browse all Laravel packages to compare alternatives.
Last updated
Also known as X.509 client authentication.
Admin:[email protected][email protected] for certificate's emailAddress field.Admin to use your app without ever logging in.Admin can still use plain password auth.Pro tip: you can also use any other certificate attributes for authentication, not only
emailAddress(likeidorusername). I don't think you need this package in that case, but anyway 🤷.
Please don't blindly copy-paste the commands. It's important for you to know what you're doing.
Generating Certificate Authority:
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Generating client certificate and signing it with your CA. When asked for the email, enter email of your app's user which will be autheticated with this certificate.
openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:2048 -nodes -keyout client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Optionally, generate a PKCS certificate to be installed into the browser, mobile or whatever:
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
This example is for NGINX with FastCGI.
server {
...
ssl_client_certificate /etc/nginx/certs/Your_CA_Public_Key.crt;
ssl_verify_client optional;
location ~ \.php$ {
...
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
}
}
You can also add pass some other useful params, see resources below.
This assumes that you have composer installed globally:
composer require ingria/laravel-x509-auth
Add \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class to your routeMiddleware array in app/Http/Kernel.php.
For example, you can call it auth.x509, by analogy with Laravel's auth.basic name:
// app/Http/Kernel.php
...
protected $routeMiddleware = [
// a whole bunch of middlewares...
'auth.x509' => \Ingria\LaravelX509Auth\Middleware\AuthenticateWithClientCertificate::class,
];
Just add the middleware's name to any route or controller instead of default auth. For example:
// routes/web.php
Route::get('/', 'YourController@method')->middleware('auth.x509');
The MIT License (MIT). Please see License File for more information.
