-----Original Message-----
>From: owner-modssl-users@modssl.org

[mailtowner-modssl-users@modssl.org] >On Behalf Of merlin@sztaki.hu
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users@modssl.org
>Subject: How to accept only certain client certificates

>Dear all,

>I have a working SSL configuration, with client certificate

>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.

>The problem is that since I'm running a web service, not webpages,
>I want allow the access for a few clients only.
>One way to achieve this to create my own CA and Issue client

>which I'm doing now.
>But my clients have their own certificates issued by eg. Verisign.
>Is there a way to allow theese certs while denying the other from the

same >CA?
>Can I just somehow directly enumerate the certificates I want to allow,

>similar to the java truststore concept?

Perhaps you can use SSLRequire to use certificate parameters for
conditional access. You should be able to enumerate the desired client
distinguished names.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org