On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza <thespamer at gmail.com> wrote: > I just found it. > > Hope to help someone with same requirement. > > http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html > There's also Origin Bound Certificates (OCB), http://www.czeskis.com/research/pubs/tls-obc.pdf. They are like "tear-off" personal certificates. A user generates one on the fly for an origin/site, and then uses it when needed. Its not signed by an authority, so its like the user equivalent to a server's self signed certificate. The appealing thing with them is they effectively stop the MitM games played by many user agents. Not surprisingly, the browser have mostly rejected them because in their security model, interception is a valid use case. Jeff
