Hello,

I have Apache 2.4 (win32) and have the following in my CA bundle.
Root 1
Subordinate 1
Subordinate 2

My server was signed off Subordinate 1.
When I do openssl s_client -connect server:443
it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names.


If I remove Subordinate 2 from the bundle, it only shows Subordinate 1 as an
acceptable CA. However, if I remove Subordinate 1, it still shows as an
acceptable CA.

It seems httpd references not only cabundle/cafiles but also certs in the
chain file as acceptable CAs.

Is it possible to prevent a user signed off Subordinate 1 from using
client certificate authentication while the server cert is issued off
Subordinate 1?

--Dan
