Take a look at the SSLRequire directive. You can choose to only accept client certificates issued by a named issuer CN for example.
-ascs -----Original Message----- From: pierre lhostis [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:53 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Authorize users from an intermediate CA only Hello all, I have got a SSL question I want to use mutual authentication and I only want users from an intermediate Certification Authority (CA) to get access to my website. My intermediate CA (called SubCA here) depends on another CA this way: RootCA \---sign--> mySubCA \---sign--> myUsers certificates \---sign--> anotherSubCA \---sign--> otherUsers certificates For the moment I am only able to: - authorize users from a RootCA (selfsigned certificate) - authorize users from a RootCA (selfsigned certificate) and SubCAs signed by this RootCA (using SSLVerifyDepth = 2) BUT, quite obviously, I don't want users from anotherSubCA to get access to my web site. So my question is quite simple: Is this simply possible to only authorize users from my subCA with the SSLCACertificateFile (SSLCACertificatePath) directive in Apache? Thanks, Pierre. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
