If you enable client authentication, the server validates
clients by requesting a certificate from the client and verifying
that it is signed by a trusted certificate authority (CA) root certificate
in the server key database.
About this task
For each virtual host, choose the level of client authentication:
Procedure
- Specify one of the following values in the configuration
file on the SSLClientAuth directive, for each virtual host stanza.
A virtual host stanza represents a section of the configuration
file that applies to one virtual host.
Table 1. Client authentication level. The table lists the value for the client authentication level and a description of the value

| Value | Description |
| --- | --- |
| None | The server requests no client certificate from the client. |
| Optional | The server requests, but does not require, a client certificate. If presented, the client certificate must prove valid. |
| Required | The server requires a valid certificate from all clients, returning a 403 status code if no certificate is present. |
| Required_reset | The server requires a valid certificate from all clients, and if no certificate is available, the server sends an SSL alert to the client. This enables the client to understand that the SSL failure is client-certificate related, and will cause browsers to re-prompt for client certificate information on subsequent access. |

For example, SSLClientAuth required.
If you want to use a certificate revocation list (CRL), add crl
as a second argument for SSLClientAuth. For example: SSLClientAuth
required crl.
- Save the configuration file and restart the server.
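
Because the level is set per virtual host stanza, it is worth confirming after an edit which level each stanza actually carries and whether crl is present. The following is an added example, not part of the original documentation or the product: the function name audit_client_auth, the host names and the sample configuration are constructed for illustration.

```python
import re

# Levels listed in Table 1, lowercased for case-insensitive comparison.
LEVELS = {"none", "optional", "required", "required_reset"}

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName public.example.com
    SSLEnable
    SSLClientAuth Optional
</VirtualHost>
<VirtualHost *:8443>
    ServerName admin.example.com
    SSLEnable
    # SSLClientAuth none   (commented out, must be ignored)
    SSLClientAuth required crl
</VirtualHost>
<VirtualHost *:9443>
    ServerName legacy.example.com
    SSLEnable
</VirtualHost>
"""

def audit_client_auth(conf_text):
    """Return (vhost, level, crl) per stanza; level is None if not set."""
    results, vhost, level, crl = [], None, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        parts = line.lower().split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost, level, crl = opened.group(1).strip(), None, False
        elif parts[0] == "</virtualhost>" and vhost is not None:
            results.append((vhost, level, crl))
            vhost = None
        elif vhost is not None and parts[0] == "sslclientauth":
            if len(parts) < 2 or parts[1] not in LEVELS:
                raise ValueError(f"unknown SSLClientAuth value in {vhost}: {line!r}")
            # crl is the optional second argument described above.
            level, crl = parts[1], "crl" in parts[2:]
    return results

if __name__ == "__main__":
    for vhost, level, crl in audit_client_auth(SAMPLE_CONF):
        print(f"{vhost:8} level={level or 'not set'} crl={crl}")
```

A stanza reported as "not set" has no SSLClientAuth line of its own, so its effective level comes from outside the stanza and should be checked separately.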