-----Original Message-----
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users@modssl.org
>Subject: How to accept only certain client certificates

>Dear all,

>I have a working SSL configuration, with client certificate
>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.

>The problem is that since I'm running a web service, not webpages,
>I want allow the access for a few clients only.
>One way to achieve this to create my own CA and Issue client
>which I'm doing now.
>But my clients have their own certificates issued by eg. Verisign.
>Is there a way to allow theese certs while denying the other from the
same >CA?
>Can I just somehow directly enumerate the certificates I want to allow,

>similar to the java truststore concept?

Perhaps you can use SSLRequire to use certificate parameters for
conditional access.  You should be able to enumerate the desired client
distinguished names.

Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to