I'm testing a client authentication using: SSLCACertificateFile /path/to/pemfile.pem <LocationMatch "/test"> SSLVerifyClient require SSLVerifyDepth 2 SSLOptions +StdEnvVars +ExportCertData SSLRequire %{SSL_CLIENT_I_DN} eq "/C=US/O=acme/OU=acme/CN=acme" /LocationMatch>
I should use two different CA with the same DN (file /path/to/pemfile.pem) When i try to use this configuration I receive: Access totest denied for 10.10.10.10 (requirement expression not fulfilled) Failed expression: %{SSL_CLIENT_I_DN} eq ... The only way it works is without the SSLRequire directive. or Using only one CA in the file (file /path/to/pemfile.pem) Some suggestions? Regards Michele Masè