-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>On Behalf Of [EMAIL PROTECTED]
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users@modssl.org
>Subject: How to accept only certain client certificates
>Dear all,
>I have a working SSL configuration, with client certificate authentication.
>The SSLCACertificateFile directive is set so I accept every client who
>has a certificate from that CA.
>The problem is that since I'm running a web service, not webpages,
>I want to allow the access for a few clients only.
>One way to achieve this is to create my own CA and issue client certificates,
>which I'm doing now.
>But my clients have their own certificates issued by e.g. Verisign.
>Is there a way to allow these certs while denying the others from the same
>CA?
>Can I just somehow directly enumerate the certificates I want to allow,
>similar to the Java truststore concept?

Perhaps you can use SSLRequire to use certificate parameters for conditional access. You should be able to enumerate the desired client distinguished names.

Rich
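A sketch of the SSLRequire approach suggested in the reply, added here as an example and not part of the original thread. The CA bundle path, the /service location and every distinguished name are constructed placeholders; the slash-separated DN form is the one mod_ssl of that era exports (Apache 2.4 formats DNs differently by default), and each string must match the server's SSL_CLIENT_S_DN value exactly.

```apache
# Added example: allow-list specific client certificates issued by a public CA.
# All paths and DNs below are constructed placeholders.

# Chain validation still happens against the CA bundle.
SSLCACertificateFile /path/to/public-ca-bundle.pem

<Location /service>
    # Require a client certificate that chains to the bundle above.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Then admit only the enumerated subjects, and only when they were
    # issued by the expected CA.
    SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
           and %{SSL_CLIENT_I_DN} eq "/C=US/O=Example Public CA/CN=Example Client CA" \
           and %{SSL_CLIENT_S_DN} in { \
                 "/C=US/O=Partner One/CN=ws-client.partner-one.example", \
                 "/C=DE/O=Partner Two/CN=ws-client.partner-two.example" }
</Location>
```

Pinning the issuer DN alongside the subject DN keeps a certificate with the same subject from a different CA in the bundle from matching.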