Anyone know if it is possible to configure Apache for pki
authentication so that only certificates from a single intermediate CA
are allowed access rather than certificates from all of the
intermediate CAs of a particular root CA?

I've...
Added the root CA and intermediate CA certificates to
SSLCACertificateFile, and the CRLs for both to SSLCARevocationFile and
it allows access to users with certificates from an intermediate CA
that isn't included but that is under the same root CA.

Added only the intermediate CA certificate to SSLCACertificateFile,
and the CRL for that CA to SSLCARevocationFile and the error logs that
it is "unable to get local issuer certificate"

Same as just above, but with adding the RootCA to the
SSLCertificateChainFile thinking this could also apply for client
side.

Manipulated the SSLVerifyDepth count but believe that this isn't going
to help me either...

Thanks for any pointers

Ahnjoan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to