On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote:
> I've found myself in the same quandary as this guy [1]. My CA
> structure is as follows.
>
> - RootCA
> - SubCA1
> - SubCA1 Server
> - SubCA1 Clients
> - SubCA2
> - SubCA2 Server
> - SubCA2 Clients
>
> I have two HTTPS vhost containers. One which has a server certificate
> issued by SubCA1 and should only accept client certificates from
> SubCA1. Likewise, another for SubCA2, which should only accept client
> certificates from SubCA2.


I think this should work by using:

SSLCertificateChainFile rootca

SSLCACertificateFile SubCA1


SSLCACertificateFile SubCA2


joe
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org