httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From galaft wang <>
Subject [users@httpd] How to ignore common name during client certificate verification?
Date Tue, 13 Jul 2010 07:23:03 GMT

As we know, directive SSLVerifyClient in mod_ssl can be used for Client

SSLVerifyClient require

It means the client *has to* present a valid Certificate

However, for specific purpose, I only want to verify: whether client's
certificate is issued by trusted CA.
I do not want to verify common name in client's certificate.
In another word, if the client certificate is issued by trusted CA, even its
common name is not matched, we can also consider this client certificate is

How to configure Apache for such purpose? Thanks!


View raw message