httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From galaft wang <gal...@gmail.com>
Subject [users@httpd] How to ignore common name during client certificate verification?
Date Tue, 13 Jul 2010 07:23:03 GMT
Hi,

As we know, directive SSLVerifyClient in mod_ssl can be used for Client
Authentication

SSLVerifyClient require

It means the client *has to* present a valid Certificate

However, for specific purpose, I only want to verify: whether client's
certificate is issued by trusted CA.
I do not want to verify common name in client's certificate.
In another word, if the client certificate is issued by trusted CA, even its
common name is not matched, we can also consider this client certificate is
valid.

How to configure Apache for such purpose? Thanks!

Br,
Jason

Mime
View raw message