Take a look at the SSLRequire directive. You can choose to only accept client certificates issued by a named issuer CN, for example.

-ascs

-----Original Message-----
From: pierre lhostis [mailto:pierre.lhostis@xxxxxxxxxx]
Sent: Tuesday, June 14, 2005 9:53 AM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] Authorize users from an intermediate CA only

Hello all,

I have got an SSL question. I want to use mutual authentication and I only want users from an intermediate Certification Authority (CA) to get access to my website.

My intermediate CA (called SubCA here) depends on another CA this way:

RootCA
 \---sign--> mySubCA
              \---sign--> myUsers certificates
 \---sign--> anotherSubCA
              \---sign--> otherUsers certificates

For the moment I am only able to:
- authorize users from a RootCA (self-signed certificate)
- authorize users from a RootCA (self-signed certificate) and SubCAs signed by this RootCA (using SSLVerifyDepth = 2)

BUT, quite obviously, I don't want users from anotherSubCA to get access to my web site.

So my question is quite simple:
Is it simply possible to only authorize users from my subCA with the SSLCACertificateFile (SSLCACertificatePath) directive in Apache?

Thanks,
Pierre.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
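
A configuration sketch of the SSLRequire approach suggested in the reply, added here as an example and not taken from either poster. The file paths are placeholders, and the issuer CN value "mySubCA" is assumed from the diagram in the question.

```apache
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # CA certificates used to verify the client chain (placeholder path).
    # Chain verification alone cannot exclude anotherSubCA: a client that
    # presents anotherSubCA in its chain still verifies under RootCA.
    SSLCACertificateFile  /path/to/rootca-and-mysubca.pem
    SSLVerifyClient require
    SSLVerifyDepth  2

    <Location />
        # After the chain verifies, allow only client certificates whose
        # issuer CN is the intended intermediate CA (assumed name).
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "mySubCA"
    </Location>
</VirtualHost>
```

The CN test is a string comparison on one attribute, so it is only as strong as the guarantee that no other CA under RootCA carries the same CN; comparing the full issuer DN via %{SSL_CLIENT_I_DN} is stricter. In Apache 2.4, SSLRequire is deprecated in favour of Require expr.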