ViaThinkSoft CodeLib
This article is in:
CodeLib → How-Tos → Apache
<Directory /srv/www/secretarea>
SSLVerifyClient optional
SSLVerifyDepth 5
# You can limit the CA with these directives, e.g. only allowing StartCom:
SSLCACertificateFile /etc/ca/startcom/startcom.crt
SSLCACertificatePath /etc/ca/startcom/
SSLOptions +OptRenegotiate +FakeBasicAuth
SSLRequireSSL
# Important: Only allow certificiates which do meet the following requirements:
SSLRequire \
(%{SSL_CLIENT_S_DN_Email} eq "smith@example.com") || \
(%{SSL_CLIENT_S_DN_Email} eq "miller@example.com") || \
(%{SSL_CLIENT_S_DN_Email} eq "foobar@example.net")
</Directory>
Daniel Marschall
ViaThinkSoft Co-Founder
ViaThinkSoft Co-Founder