Take a look at the SSLRequire directive. You can choose to only accept client 
certificates issued by a named issuer CN for example.

-ascs

-----Original Message-----
From: pierre lhostis [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 14, 2005 9:53 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Authorize users from an intermediate CA only

Hello all,

I have got an SSL question.
I want to use mutual authentication and I only want users from an intermediate 
Certification Authority (CA) to get access to my website.
My intermediate CA (called SubCA here) depends on another CA this way:

RootCA
  \---sign--> mySubCA
                \---sign--> myUsers certificates
  \---sign--> anotherSubCA
                \---sign--> otherUsers certificates


For the moment I am only able to:
- authorize users from a RootCA (self-signed certificate)
- authorize users from a RootCA (self-signed certificate) and SubCAs
signed by this RootCA (using SSLVerifyDepth = 2)

BUT, quite obviously, I don't want users from anotherSubCA to get access
to my web site.

So my question is quite simple:

Is it simply possible to only authorize users from my subCA with the
SSLCACertificateFile (SSLCACertificatePath) directive in Apache?


Thanks,
Pierre.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
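
The SSLRequire approach suggested in the reply, sketched as a mod_ssl configuration fragment. This is an added example, not part of the original thread; the file path, the /private location and the exact CN string "mySubCA" are assumptions to be replaced with your own values.

```apache
# Constructed fragment: path, location and CN value are placeholders.

# Chain validation: CA certificates used to verify the client certificate
# chain. The file holds the RootCA and mySubCA certificates (PEM, concatenated).
SSLCACertificateFile /path/to/rootca-and-mysubca.pem

<Location /private>
    # Mutual authentication: the client must present a certificate.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # With only the two directives above, a certificate issued by
    # anotherSubCA is also accepted when its chain validates up to the
    # same RootCA.

    # Authorization: once the chain has validated, also require that the
    # direct issuer of the client certificate is mySubCA. Requests with
    # any other issuer CN are refused with 403.
    SSLRequire %{SSL_CLIENT_I_DN_CN} eq "mySubCA"
</Location>
```

The issuer check is a string comparison on the issuer name, so it relies on RootCA never signing a second subordinate CA with the same CN. Comparing the whole issuer DN through %{SSL_CLIENT_I_DN} narrows that further.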

