I don't know why I didn't find this in the dozens of Google searches that
I did *before* I posted my question, but these seem to be what I'm looking
for:
SSLCADNRequestFile / SSLCADNRequestPath
http://httpd.apache.org/docs/trunk/mod/mod_ssl.xml#sslcadnrequestfile
I think all you need to do is tighten up your SSLRequire rules.
Something like this (all on one line, omitting the backslash at line-end):
SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128 \
and %{SSL_CLIENT_I_DN} eq IssuingCA2
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC23
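The directives named in this thread, combined in one virtual host, as an added example that is not from any poster here. All paths, the host name and the issuer DN are constructed placeholders. The point it shows is that SSLCADNRequestFile only shapes the CA list advertised to the client, so the issuer still has to be enforced with SSLRequire.

```apache
# Added illustration: every path, host name and DN below is a constructed placeholder.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Trust anchors: a client certificate verifies if it chains to ANY CA in this file.
    SSLCACertificateFile  /etc/httpd/ssl/all-trusted-cas.pem

    # Overrides only the CA names sent in the handshake's certificate request.
    # It is a hint for the client's certificate picker, not an access control:
    # a client can still present a certificate from any CA in the trust file above.
    SSLCADNRequestFile    /etc/httpd/ssl/advertised-cas.pem

    SSLVerifyClient require
    SSLVerifyDepth  2

    <Location /restricted>
        # Enforcement: accept only certificates issued by the one intended CA.
        # The literal must match the string the server puts in SSL_CLIENT_I_DN
        # exactly; its format differs between httpd releases, so copy it from
        # a logged request rather than typing it from the certificate.
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 \
               and %{SSL_CLIENT_I_DN} eq "/C=US/O=Example Corp/CN=IssuingCA2"
    </Location>
</VirtualHost>
```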
David P. Mott wrote:
> I don't know why I didn't find this in the dozens of Google searches
> that I did *before* I posted my question, but these seem to be what I'm
> looking for:
> SSLCADNRequestFile / SSLCADNRequestPath
Please be aware that Apache/ModSSL uses the SSLCADNRequestFile /
Oh, good call!
So, now I'm looking at:
* SSLCACertificateFile, to hold all of the certificates that I would
authenticate against;
* SSLCADNRequestFile, to send an acceptable list of certificates to the
client;
* SSLRequire, to prevent malicious clients from sending me a certificate
that