SSLClientAuthRequire directive

Allows extensive validation of client certificate information before serving an object
Logical expression consisting of attribute checks linked with AND, OR, NOT, and parentheses.
SSLClientAuthRequire CommonName = Richard

Description of valid logical expressions

For example:

SSLClientAuthRequire (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBM
means that the object will not be served unless the client certificate contains a common name of either Fred Smith or John Deere and the organization is IBM. For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons. If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.

Valid attributes are as follows:

Also valid are the short names:

     IST, ICN, IOU, IC, IL, IO, IE, ST, CN, OU, C, L, O, E 

Note that multiple SSLClientAuthRequire directives are allowed per object, the net effect is that they are AND'd together.

Related information