Redwax Server – SPKAC Demo/Interop

Signed Public Key and Challenge Demo/Interop

Interoperate with the Redwax Signed Public Key and Challenge module.

We have implemented a Netscape SPKAC endpoint that allows you to test your client implementation against a Redwax Server.

The code being run is the most up to date build from trunk/main in source control, and is built and deployed automatically. The Redwax Interop server is for testing purposes only.

Signed Public Key and Challenge Demo/Interop Server

When testing your SPKAC client implementation, use the following details.

Summary

Server URL	`https://interop.redwax.eu/test/spkac`
Time Source	`System Clock`
Serial Numbers	`Random`

Redwax Module Configuration

The following configuration is used to implement this SPKAC endpoint. The configuration below is added to a standard secure virtualhost Apache configuration, as described here.

Configuration

Here we set the spkac handler, and set the certificates and keys to be used for signing the certificate.

<IfModule !ca_module>
  LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so
</IfModule>
<IfModule !ca_simple_module>
  LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so
</IfModule>
<IfModule !spkac_module>
  LoadModule spkac_module /usr/lib64/httpd/modules/mod_spkac.so
</IfModule>

<Location /test/simple/spkac>
  Require all granted
  SetHandler spkac
  SpkacSubjectRequest CN
  SpkacSubjectRequest O
  SpkacSubjectRequest C
  SpkacSubjectAltNameRequest rfc822Name
</Location>

SPKAC with MacOS Safari

The following example form shows how to generate a request based on the keygen tag.

Html Form

To request a certificate be generated, submit the form below.