SSLClientAuthRequire directive

Description
Allows extensive validation of client certificate information before serving an object
Scope
Directory
Values
Logical expression consisting of attribute checks linked with AND, OR, NOT, and parentheses.
Usage
SSLClientAuthRequire CommonName = Richard

Description of valid logical expressions

For example:

SSLClientAuthRequire (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBM
means that the object will not be served unless the client certificate contains a common name of either Fred Smith or John Deere and the organization is IBM. For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons. If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.

Valid attributes are as follows:

Also valid are the short names:

     IST, ICN, IOU, IC, IL, IO, IE, ST, CN, OU, C, L, O, E 

Note that multiple SSLClientAuthRequire directives are allowed per object, the net effect is that they are AND'd together.

Related information