Is it possible to allow only some client certificates in Apache to login?
You need to use the SSL_CLIENT_S_*
directives:
Require ssl
Require ssl-verify-client
SSLRequireSSL
SSLOptions +FakeBasicAuth +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
SSLRequire %{SSL_CLIENT_S_DN_O} eq "Company, LTD." \
and %{SSL_CLIENT_S_DN_OU} eq "Development" \
and %{SSL_CLIENT_S_DN_CN} in {"John Doe", "Jane Doe", "Other One"}
SSLRenegBufferSize 131072
Further reference can be found in the Apache documentation.