RE: How to accept only certain client certificates
>[mailto:email@example.com] On Behalf Of firstname.lastname@example.org
>Sent: Wednesday, July 25, 2007 9:42 AM
>Subject: How to accept only certain client certificates
>I have a working SSL configuration, with client certificate
>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.
>The problem is that since I'm running a web service, not webpages,
>I want to allow the access for a few clients only.
>One way to achieve this is to create my own CA and issue client
>which I'm doing now.
>But my clients have their own certificates issued by eg. Verisign.
>Is there a way to allow these certs while denying the other from the
>Can I just somehow directly enumerate the certificates I want to allow,
>similar to the java truststore concept?
Perhaps you can use SSLRequire to use certificate parameters for
conditional access. You should be able to enumerate the desired client
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org
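
What the SSLRequire suggestion in the reply could look like, as an added example that is not part of the original thread. The file path, the /service location, the issuer names and the serial numbers are constructed placeholders, and the choice to pin issuer plus serial is an assumption about how the allowed certificates would be identified.

```apache
# Added example. Every path, name and serial below is a constructed placeholder.
SSLEngine on

# Trust anchor: the public CA that issued the clients' certificates.
# Hypothetical path.
SSLCACertificateFile /etc/apache2/ssl/client-issuing-ca.pem

<Location /service>
    # Chain validation only. With just these two directives, every
    # certificate issued under the CA above is accepted, which is the
    # situation described in the question.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Allowlist on top of chain validation. The issuer is matched together
    # with the serial because serial numbers are unique only per issuer.
    # A subject CN on its own is a weak key under a public CA, since the
    # CA may issue the same CN to an unrelated party.
    # Issuer is compared by component (O, CN) so the rule does not depend
    # on how the server formats the full DN string.
    SSLRequire ( %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
        and %{SSL_CLIENT_I_DN_O}  eq "Example CA Org" \
        and %{SSL_CLIENT_I_DN_CN} eq "Example Client Issuing CA" \
        and %{SSL_CLIENT_M_SERIAL} in {"0A1B2C3D4E5F6071", "1122334455667788"} )
</Location>
```

A request whose certificate chains to the CA but is not in the list is rejected by mod_ssl with 403 Forbidden. The list has to be updated whenever a client renews, because a reissued certificate carries a new serial number.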