RE: [users@httpd] Question about how to do certificate based authentication with Apache 2.0.50 ....

2005-05-31 Thread Ian Huynh
If you want to lock it down to exactly ONE client certificate, here's one way 
to do it.

If you need to screen on more than one cert, perhaps you can use 
SSL_CLIENT_S_DN_O (I think) instead of SSL_CLIENT_S_DN_CN.




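# Refuse any request that does not arrive over SSL
SSLRequireSSL
# The client must present a certificate that verifies against a trusted CA
SSLVerifyClient require
SSLVerifyDepth  3
# Allow only the expected subject CN from the expected issuer organization
SSLRequire   %{SSL_CLIENT_S_DN_CN}  eq "the.client.cert.distinguished.name" \
   and   %{SSL_CLIENT_I_DN_O}   eq "VeriSign Trust Network"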


-Original Message-
From: Matthew McHugh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 31, 2005 10:40 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Question about how to do certificate based 
authentication with Apache 2.0.50 


Hello All,

I am using Apache 2.0.50 on a Sun Solaris webserver.  I am trying to limit (for 
one virtual host) access to the site.  I want to limit the access to one 
company that passes me their certificate.  Is there a way to do this with 
Apache 2.0.50?  I see that something can be done with client authentication, 
but that requires me to create my own CA and hand out certificates, then allow 
all certs signed by that CA to have access to the environment.  My client will 
be using a Verisign signed certificate and I do not wish to allow all clients 
with a Verisign signed certificate to access my protected environment.

Is there a way to lock it down to only one certificate or do I need to allow 
access to all clients passing certificates that are signed from a specific CA?


Any help would be much appreciated.


Thanks,


Matt
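
A tighter variant of the configuration in the reply above, as an added example that is not part of the original posts. It pins the issuer DN and serial number, which together identify exactly one certificate, instead of the subject CN alone; the `/protected` path and every quoted value are placeholders to be replaced with the values from the client's certificate.

```apache
# Added example: the path and all quoted strings below are placeholders.
<Location /protected>
    # Refuse plain HTTP and require a client certificate that chains to a
    # CA listed in SSLCACertificateFile / SSLCACertificatePath.
    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth  3

    # Keep the denial in force even if "Satisfy any" is set elsewhere.
    SSLOptions      +StrictRequire

    # A rule on subject CN plus issuer O accepts every certificate from that
    # issuer that carries the same CN. Issuer DN plus serial number match
    # one certificate only; the full subject DN is compared as well.
    SSLRequire     %{SSL_CLIENT_I_DN}     eq "ISSUER-DN-PLACEHOLDER" \
               and %{SSL_CLIENT_M_SERIAL} eq "SERIAL-HEX-PLACEHOLDER" \
               and %{SSL_CLIENT_S_DN}     eq "SUBJECT-DN-PLACEHOLDER"

    # To admit a short list of certificates from the same issuer, replace
    # the serial comparison with a set test:
    #   %{SSL_CLIENT_M_SERIAL} in {"SERIAL-A-PLACEHOLDER", "SERIAL-B-PLACEHOLDER"}
</Location>
```

The string form of the DN variables depends on the httpd version, so take the values from what the server itself reports, for example by logging `%{SSL_CLIENT_S_DN}x`, `%{SSL_CLIENT_I_DN}x` and `%{SSL_CLIENT_M_SERIAL}x` in a `CustomLog` format. A renewed certificate gets a new serial number, so the rule has to be updated when the client renews.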




[users@httpd] Question about how to do certificate based authentication with Apache 2.0.50 ....

2005-05-31 Thread Matthew McHugh

Hello All,

I am using Apache 2.0.50 on a Sun Solaris webserver.  I am trying to limit (for 
one virtual host) access to the site.  I want to limit the access to one 
company that passes me their certificate.  Is there a way to do this with 
Apache 2.0.50?  I see that something can be done with client authentication, 
but that requires me to create my own CA and hand out certificates, then allow 
all certs signed by that CA to have access to the environment.  My client will 
be using a Verisign signed certificate and I do not wish to allow all clients 
with a Verisign signed certificate to access my protected environment.

Is there a way to lock it down to only one certificate or do I need to allow 
access to all clients passing certificates that are signed from a specific CA?

Any help would be much appreciated.

Thanks,

Matt