Anyone know if it is possible to configure Apache for pki authentication so that only certificates from a single intermediate CA are allowed access rather than certificates from all of the intermediate CAs of a particular root CA?
I've... Added the root CA and intermediate CA certificates to SSLCACertificateFile, and the CRLs for both to SSLCARevocationFile and it allows access to users with certificates from an intermediate CA that isn't included but that is under the same root CA. Added only the intermediate CA certificate to SSLCACertificateFile, and the CRL for that CA to SSLCARevocationFile and the error logs that it is "unable to get local issuer certificate" Same as just above, but with adding the RootCA to the SSLCertificateChainFile thinking this could also apply for client side. Manipulated the SSLVerifyDepth count but believe that this isn't going to help me either... Thanks for any pointers Ahnjoan --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]