SSLClientAuthRequire (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBMmeans that the object will not be served unless the client certificate contains a common name of either Fred Smith or John Deere and the organization is IBM. For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons. If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.
Valid attributes are as follows:
Also valid are the short names:
IST, ICN, IOU, IC, IL, IO, IE, ST, CN, OU, C, L, O, E
Note that multiple SSLClientAuthRequire directives are allowed per object, the net effect is that they are AND'd together.