Is it possible to allow only some client certificates in Apache to login?

certificate apache-2.2 ssl ssl-certificate mod-ssl

You need to use the SSL_CLIENT_S_* directives:


    Require              ssl
    Require              ssl-verify-client
    SSLRequireSSL
    SSLOptions           +FakeBasicAuth +StrictRequire
    SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 256
    SSLRequire           %{SSL_CLIENT_S_DN_O} eq "Company, LTD." \
                         and %{SSL_CLIENT_S_DN_OU} eq "Development" \
                         and %{SSL_CLIENT_S_DN_CN} in {"John Doe", "Jane Doe", "Other One"}
    SSLRenegBufferSize   131072
Further reference can be found in the Apache documentation.

Related

Linux ping command exits early due to ICMP host unreachable
Time to first byte: why is it so high? [closed]
How can I proactively detect compromised Exchange 2010 accounts?
How safe is it to protect an ssh key without passphrase using the "command" option in the authorized_keys file?
Why does Remove-ADGroupMember default to requiring confirmation?
Windows 2012 hyper-v saying degraded (integration services upgrade required) on Ubuntu 12.04
Why are DNS lookups not respecting /etc/nsswitch.conf & /etc/host.conf?
Confirm disk is broken when it passes all diagnostics
Is there ever a reason to use tmpfs instead of or in addition to zRAM?
Is this a sign of dying hard drive?
Nginx + WordPress : 414 Request-URI Too Long
KVM: Run a script when a guest is shutdown from within?