How to ignore common name during client certificate verification?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: How to ignore common name during client certificate verification?
From: galaft wang <galaft@xxxxxxxxx>
Date: Tue, 13 Jul 2010 15:23:03 +0800
Reply-to: users@xxxxxxxxxxxxxxxx

Hi,

As we know, directive SSLVerifyClient in mod_ssl can be used for Client Authentication

SSLVerifyClient require

It means the client has to present a valid Certificate

However, for specific purpose, I only want to verify: whether client's certificate is issued by trusted CA.

I do not want to verify common name in client's certificate.

In another word, if the client certificate is issued by trusted CA, even its common name is not matched, we can also consider this client certificate is valid.

How to configure Apache for such purpose? Thanks!

Br,

Jason

Follow-Ups:
- Re: How to ignore common name during client certificate verification?
  - From: Eric Covener

Prev by Date: Re: httpd.conf: Invalid argument
Next by Date: Re: How to ignore common name during client certificate verification?
Previous by thread: In Apache 2.2.x Why parent httpd process isn't spawning a new replacement child in a timely fashion, after MaxRequestsPerChild has been hit and the child worker httpd has exited.
Next by thread: Re: How to ignore common name during client certificate verification?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]