httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Toomas Aas <>
Subject Re: [users@httpd] client side certificate authentication
Date Mon, 16 Dec 2013 20:29:50 GMT

> I am struggling to understand the concept of client side authentication
> enabled in SSL apache. I have been reading the posts, google pages but
> still clueless.
> What I could understand till now is 3 configuration parameter is required
> SSLVerifyClient
> SSLVerifyDepth
> SSLCACertificate File
> The points on which I am confused is SSLCARevocationFile.

The meaning of SSLCARevocationFile is really quite simple. Let's say  
that we have issued certificates to all employees in our company.  
These certificates are issued by the CA whose certificate is in  
SSLCACertificateFile. Apache is configured to trust all certificates  
issued by this CA. Now one of the employees leaves and should no  
longer have access. We can't really "take back" the certificate file  
issued to this employee, so we just declare that we no longer trust  
this particular certificate - in other words, we revoke the  
certificate. Such revoked certificates are listed in "Certificate  
Revocation List" - a file which SSLCAReviocationFile points to.

Toomas Aas

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message