=== Client Certificate Authentication ===
Contributors: Mario Lipinski
Tags: authentication
Requires at least: 3.1
Tested up to: 3.4
Stable tag: 1.0

Extend the HTTP Authentication plugin to authenticate users with a client certificate by using the Email subject field as login and CN as name.

== Description ==

Authenticate users with a client certificate by using the Email subject field as login and CN as name. New users can be optionally created.
This plugin is based on the HTTP Authentication plugin, some ideas taken from Dans earlier implementation.

== Installation ==

1. Login as an existing user, such as admin.
2. Upload the `client-certificate-authentication` folder to your plugins folder, usually `wp-content/plugins`. (Or simply via the built-in installer.)
3. Activate the plugin on the Plugins screen.
4. Logout.
5. Require certificate authentication for  `wp-login.php` and `wp-admin`.
6. Try logging in with your client certificate.

== Changelog ==

= 1.0 =
Initial release.


== Frequently Asked Questions ==

= How should I set up client certificate authentication? =

This depends on your hosting environment and your means of authentication. A working example is given below:

In Apache HTTP (non-HTTPS) config add:

        RewriteEngine On
        RewriteRule ^/(wp-(admin|login\.php).*) https://%{HTTP_HOST}/$1

		
In Apache HTTPS config:

        <Location /wp-login.php>
                SSLVerifyClient optional
                <IfModule mod_rewrite.c>
                        RewriteEngine   on
                        RewriteCond  %{HTTP_USER_AGENT}  .*Safari.*
                        RewriteCond  %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
                        RewriteRule  .* /wp-admin [redirect,last]
                </IfModule>
        </Location>
        <Location /wp-admin>
                SSLVerifyClient require
        </Location>

Make sure to also set SSLCACertificatePath and CRL checks.
