Problem
Use the following information when enabling SSL client
certificate authentication. The SSLClientAuth directive is used to enable
SSL client certificate authentication, and the SSLClientAuthRequire
directive is used in conjunction with SSLClientAuth to restrict client
access to certain URLs and directories.

Solution
The system must already be set up for multiple IP-based
SSL virtual hosts. An example of this is found in "IP-Based Virtual
Hosting must be used if configuring multiple SSL Virtual Hosts".
After two PKCS12 browser certificates are created for two browsers in
iKeyman, add the following two directives to each of the SSL virtual
hosts.

    SSLClientAuth required
    <Location />
    SSLClientAuthRequire (CommonName = "Common Name in Certificate")
    </Location>

The SSLClientAuthRequire directive can use any unique value in
the certificate that is created. Generally, the common name is an
identifier, such as the name of a person or group that requires access
to the site.

The SSLClientAuthRequire directive works only if it is placed
within a location or directory stanza. In the preceding example, the
<Location /> stanza requires the browser certificate for any location
in the site from the root down.
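
The following check is an added example, not part of the original technote or of IBM's tooling. It scans configuration text for the two placement rules described above: SSLClientAuthRequire must sit inside a location or directory stanza, and a virtual host that uses it must also carry "SSLClientAuth required". The function name, the sample addresses and the certificate names are assumptions made for illustration.

```python
import re
# Constructed sample config: addresses and certificate names are placeholders.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
SSLClientAuth required
<Location />
SSLClientAuthRequire (CommonName = "Alice Example")
</Location>
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLClientAuthRequire (CommonName = "Bob Example")
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\b[^>]*>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")

def lint_client_auth(conf_text):
    """Return [(line_no, message)]; only <Location>/<Directory> count as valid stanzas."""
    findings, stack, vhost = [], [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.fullmatch(line):
            name = m.group(1).lower()
            if stack and stack[-1] == name:
                stack.pop()
            if name == "virtualhost" and vhost:
                if vhost["uses_require"] and not vhost["auth_required"]:
                    findings.append((vhost["start"], "no 'SSLClientAuth required' in this virtual host"))
                vhost = None
        elif m := OPEN.fullmatch(line):
            stack.append(m.group(1).lower())
            if stack[-1] == "virtualhost":
                vhost = {"start": no, "uses_require": False, "auth_required": False}
        else:
            words = line.lower().split()
            if words[0] == "sslclientauth" and vhost:
                vhost["auth_required"] = words[1:2] == ["required"]
            elif words[0] == "sslclientauthrequire":
                if vhost:
                    vhost["uses_require"] = True
                if not {"location", "directory"} & set(stack):
                    findings.append((no, "SSLClientAuthRequire outside a location or directory stanza"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_client_auth(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

In the constructed sample, the first virtual host passes and the second is reported twice: once for the directive placed outside a stanza and once for the missing SSLClientAuth setting.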