On Mon, Nov 19, 2007 at 09:24:09AM +0000, Anony Mouse wrote:
> I've found myself in the same quandary as this guy [1]. My CA
> structure is as follows.
>
> - RootCA
> - SubCA1
> - SubCA1 Server
> - SubCA1 Clients
> - SubCA2
> - SubCA2 Server
> - SubCA2 Clients
>
> I have two HTTPS vhost containers. One which has a server certificate
> issued by SubCA1 and should only accept client certificates from
> SubCA1. Likewise, another for SubCA2, which should only accept client
> certificates from SubCA2.
I think this should work by using:
SSLCertificateChainFile rootca
<Vhost for SubCA1>
SSLCACertificateFile SubCA1
</Vhost>
<Vhost for SubCA2>
SSLCACertificateFile SubCA2
</Vhost>
joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
