Does Apache needs to know about intermediate certificates for client authentication?

certificate apache-2.2 ssl-certificate certificate-authority

When a client authenticates a server, the server will send the chain that is defined in SSLCertificateChainFile, which is your responsibility as server admin. So when the client identifies itself, it is also responsible for sending the whole chain. Apache needs only to know about the CA certificate, which you define in SSLCACertificateFile. You may at your discretion also define chains here, which will make Apache more lenient towards clients not sending chains themselves.

When you sign certificates for users, make sure that the user is provided with the correct chain. Your user can construct a .p12 using the following OpenSSL command:

openssl pkcs12 -export -in ${SIGNED_CERT} -inkey ${PRIVATE_KEY} \
     -name ${USERNAME} -out ${OUTPUT_P12} -certfile ${PROVIDED_CHAIN}

Related

DFSr detected that a file was changed on multiple servers, but "winning" file and that moved to conflicts folder have same hash
What can I do to fix missing start menu/desktop icons for a domain user?
Different "RequiredAuthentications2" for sshd and sftp subsystem
MSTSC + gateway crashes on auto reconnect
IIS integrated mode foreign characters
Exchange 2010 Search-Mailbox SearchQuery with ### on the subject
starting nginx on mac fails with 48: address already in use [duplicate]
Fail2Ban is not adding iptables rules
WSUS and Pulled Patches
Best Practice for Mapping Domain Names to Docker Container
Specify a SHA-1 or SHA-2 cert depending on client abilities
How switching off SSLv3 in Courier-IMAP server affects old Mail User Agents?