I don't know why I didn't find this in the dozens of Google searches that
I did *before* I posted my question, but these seem to be what I'm looking
for:
SSLCADNRequestFile / SSLCADNRequestPath
http://httpd.apache.org/docs/trunk/mod/mod_ssl.xml#sslcadnrequestfile
http://issues.apache.org/bu
I think all you need to do is tighten up your SSLRequire rules.
Something like this (all on one line, omitting the backslash at line-end):
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 \
and %{SSL_CLIENT_I_DN} eq "IssuingCA2"
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2
David P. Mott wrote:
>
> I don't know why I didn't find this in the dozens of Google searches
> that I did *before* I posted my question, but these seem to be what I'm
> looking for:
>
> SSLCADNRequestFile / SSLCADNRequestPath
Please be aware that Apache/ModSSL uses den SSLCADNRequest-
File / SS
Oh, good call!
So, now I'm looking at:
* SSLCACertificateFile, to hold all of the certificates that I would
authenticate against;
* SSLCADNRequestFile, to send an acceptable list of certificates to the
client;
* SSLRequire, to prevent malicious clients from sending me a certificate
that woul
