Enable client authentication

If you enable client authentication, the server validates clients by checking for trusted certificate authority (CA) root certificates in the local key database.

For each virtual host, choose the level and the type of client authentication.

Choose the level of client authentication

  1. In the configuration file, on the SSLClientAuth directive, specify one of the following values for each virtual host stanza. A virtual host stanza is a section of the configuration file that applies to one virtual host.
    none
    The server requests no client certificate from the client.
    optional
    The server requests, but does not require, a client certificate. If it is presented it must be valid.
    required
    The server requires a valid certificate from all clients.

    For example,

       SSLClientAuth required
    

  2. Save the configuration file and restart the server.

Choose the type of client authentication protection

  1. In the configuration file, specify one of the following directives for each virtual host stanza:

Related information