Surprising that no one else had to deal with this issue before. Correct me if I am wrong, is the substring for SSLRequire the only way to achieve the desired outcome?
Thanks, Bharath Kolla From: bharath.c.ko...@wellsfargo.com.INVALID [mailto:bharath.c.ko...@wellsfargo.com.INVALID] Sent: Friday, February 24, 2017 2:04 PM To: users@httpd.apache.org Subject: [users@httpd] SSL Client Cert Authentication - SSLRequires We have a client cert that contains multiple OU's (3 to be specific), but we just need to construct a substring for SSLRequire to evaluate 2 specific OU's from the OU list. I tried using: SSLRequire ( %{SSL_CLIENT_S_DN_O} eq "abc" \ and %{SSL_CLIENT_S_DN_OU} in {"test1","dev","apacheorg"}) However, this substring checks for all 3 OU's and sends a 403 if one of them is not present in the client cert. What I need is for it to just check for 2 OU's (specifically, test1 & dev) and leave the 3rd one from evaluating. What is the best possible way to achieve this? Thanks, Bharath Kolla
