You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Matthew McHugh <mm...@arrow.com> on 2005/05/31 19:40:08 UTC

[users@httpd] Question about how to do certificate based authentication with Apache 2.0.50 ....

Hello All,
 
I am using Apache 2.0.50 on a Sun solaris webserver.  I am trying to limit
(for one virtual host) access to the site.  I want to limit the access to
one company that passes me their certificate.  Is there a way to do this
with apache 2.0.50?  I see that something can be done with client
authentication, but that requires me to create my own CA and hand out
certificates, then allow all certs signed by that CA to have access to the
environment.  My client will be using a Verisign signed certificate and I do
not wish to allow all clients with a Verisign signed certificate to access
my protected environment.
 
Is there a way to lock it down to only one certificate or do I need to allow
access to all clients passing certificates that are signed from a specific
CA?
 
 
Any help would be much appreciated.
 
 
Thanks,
 
 
Matt