[users@httpd] mod_ssl help

Michele Mase' Fri, 01 Mar 2013 10:40:27 -0800

I'm testing a client authentication using:

SSLCACertificateFile /path/to/pemfile.pem
<LocationMatch "/test">
        SSLVerifyClient require
        SSLVerifyDepth 2
        SSLOptions +StdEnvVars +ExportCertData
        SSLRequire  %{SSL_CLIENT_I_DN} eq "/C=US/O=acme/OU=acme/CN=acme"
/LocationMatch>



I should use two different CA with the same DN (file /path/to/pemfile.pem)
When i try to use this configuration I receive:
Access totest denied for 10.10.10.10 (requirement expression not fulfilled)
Failed expression: %{SSL_CLIENT_I_DN} eq ...

The only way it works is without the SSLRequire directive.
or
Using only one CA in the file (file /path/to/pemfile.pem)

Some suggestions?

Regards
Michele Masè

[users@httpd] mod_ssl help

Reply via email to