How to accept only certain client certificates

Dear all,

I have a working SSL configuration, with client certificate authentication.
The SSLCACertificateFile directive is set so I accept every client who
has a certificate from that CA.

The problem is that since I'm running a web service, not webpages,
I want to allow access for a few clients only.
One way to achieve this is to create my own CA and issue client certificates,
which I'm doing now.
But my clients have their own certificates issued by e.g. Verisign.
Is there a way to allow these certs while denying the others from the same CA?
Can I just somehow directly enumerate the certificates I want to allow,
similar to the Java truststore concept?

Thank you in advance
Mihály Héder
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
merlin [ Wed, 25 July 2007 16:42 ] [ ID #1778118 ]

RE: How to accept only certain client certificates

-----Original Message-----
>From: owner-modssl-users [at] modssl.org [mailto:owner-modssl-users [at] modssl.org] On Behalf Of merlin [at] sztaki.hu
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users [at] modssl.org
>Subject: How to accept only certain client certificates

>Dear all,

>I have a working SSL configuration, with client certificate authentication.
>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.

>The problem is that since I'm running a web service, not webpages,
>I want to allow access for a few clients only.
>One way to achieve this is to create my own CA and issue client certificates,
>which I'm doing now.
>But my clients have their own certificates issued by e.g. Verisign.
>Is there a way to allow these certs while denying the others from the same CA?
>Can I just somehow directly enumerate the certificates I want to allow,
>similar to the Java truststore concept?

Perhaps you can use SSLRequire to use certificate parameters for
conditional access. You should be able to enumerate the desired client
distinguished names.

Rich
rich.fought [ Wed, 25 July 2007 16:51 ] [ ID #1778119 ]
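
The SSLRequire approach suggested in the reply, written out as an added example that is not part of the original thread or of the mod_ssl project. The file paths, the /service location and both distinguished names are constructed placeholders; the issuer check is an addition that keeps a certificate with a matching subject from any other CA in the bundle from being accepted.

```apache
# Added example. Paths, the /service location and all DNs below are
# constructed placeholders, not values from the thread.

# CA bundle used to verify the chain: any certificate issued by a CA in
# this file passes verification, so the allow-list below is what
# actually restricts access.
SSLCACertificateFile /path/to/ca-bundle.crt

# Log the subject and issuer DN exactly as mod_ssl renders them. The
# strings in SSLRequire must match this rendering character for
# character, and the DN format differs between Apache releases.
CustomLog logs/ssl_client_dn.log "%h \"%{SSL_CLIENT_S_DN}x\" \"%{SSL_CLIENT_I_DN}x\""

<Location /service>
    # Reject the handshake unless a client certificate is presented
    # and chains to a CA in SSLCACertificateFile.
    SSLVerifyClient require
    SSLVerifyDepth  3

    # Allow only the enumerated subject DNs, and only when the
    # certificate was issued by the expected CA.
    SSLRequire %{SSL_CLIENT_I_DN} eq "/C=US/O=Example Public CA/CN=Example Issuing CA" \
           and %{SSL_CLIENT_S_DN} in { \
               "/C=US/O=Example Client One/CN=client1.example.com", \
               "/C=HU/O=Example Client Two/CN=client2.example.org" }
</Location>
```

A request whose certificate verifies but whose DN is not listed is answered with 403 Forbidden. The DN identifies a subject rather than one specific certificate, so a renewed certificate with the same subject from the same issuer is still accepted.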