Enabling client authentication
If you enable client authentication, the server validates clients by checking for trusted certificate authority (CA) root certificates in the local key database.
For each virtual host, choose the level and the type of client authentication.
- Choosing the level of client authentication
- Choosing the type of client authentication protection
- Finding related information
Choosing the level of client authentication
- Specify one of the following values in the configuration file on the
SSLClientAuth directive, for each virtual host stanza .
A virtual host stanza represents a section of the configuration file that applies to one virtual host.
None The server requests no client certificate from the client. Optional The server requests, but does not require, a client certificate. If presented, the client certificate must prove valid. Required The server requires a valid certificate from all clients. For example, SSLClientAuth required
If you want to use a certificate revocation
list (CRL), add crl, as a second argument for SSLClientAuth.
For example: SSLClientAuth required crl. - Save the configuration file and restart the server.
Choosing the type of client authentication protection
- Specify one of the following directives in the configuration file, for each virtual host stanza:
- SSLClientAuthRequire:
Recommended. Refer to the description of SSLClientAuthRequire.For example, SSLClientAuthRequire CommonName=Richard
- SSLFakeBasicAuth:
Not recommended. Refer to the description of SSLFakeBasicAuth. If you specify SSLFakeBasicAuth, ensure that the mod_ibm_ssl module appears last in the module list.
- SSLClientAuthRequire:
- Save the configuration file and restart the server.
| Finding related information |
(Back to the top)