148 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Certificates in the chain are assumed to be valid for client authentication as well,
when client authentication (SSLVerifyClient) is used.
8. SSLCACertificateFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificates for certification authorities (CAs) used for client authentication.
9. SSLCARevocationFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificate revocation lists of CAs used for client authentication.
10. SSLVerifyClient level
Context: Global, virtual host, directory, .htaccess
This directive configures the authentication of clients to the server. (Note that this
is not normally needed for e-commerce applications, but is useful in other
applications.)
Values for level are listed and described in TABLE B-5.
Typically either none or require is used. The default is none.
11. SSLVerifyDepth depth
Context: Global, virtual host, directory, .htaccess
This directive specifies the maximum certificate chain depth that the server will
allow for client certificates. A value of 0 means that only self-signed certificates
are eligible, whereas a value of 1 means that client certificates must be signed by
a CA known directly to the server (through the SSLCACertificateFile).
Larger values permit delegation of the CA.
12. SSLLog filename
Context: Global, virtual host
TABLE B-5 SSL Verify Client Levels
Level            Description
none             No client certificate is required
optional         Client may present a valid certificate
require          Client must present a valid certificate
optional_no_ca   Client may present a certificate, but it need not be valid
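As an added illustration (not part of the Sun guide), the following Python sketch checks a configuration for the client-authentication pitfalls that directives 8 through 11 and TABLE B-5 imply. It assumes a flat parse in which the last occurrence of a directive wins and container scoping is ignored; the sample configurations and their file paths are constructed placeholders.

```python
# Added example: flat audit of the client-authentication directives above.
# Assumption: container scoping (virtual host, directory) is ignored and the
# last occurrence of a directive wins. Paths below are constructed placeholders.
LEVELS = {"none", "optional", "require", "optional_no_ca"}  # TABLE B-5

def parse_directives(text):
    """Map lowercased directive name -> argument (names are case-insensitive)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments, containers
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen[parts[0].lower()] = parts[1].strip().strip('"')
    return seen

def audit(text):
    """Return a list of findings for the client-authentication settings."""
    d = parse_directives(text)
    level = d.get("sslverifyclient", "none")  # the guide gives none as the default
    if level not in LEVELS:
        return [f"SSLVerifyClient {level}: not a level listed in TABLE B-5"]
    findings = []
    if level == "optional_no_ca":
        findings.append("optional_no_ca: presented certificate need not be valid")
    if level in ("optional", "require"):
        if "sslcacertificatefile" not in d:
            findings.append("client auth on, but SSLCACertificateFile is not set")
        if "sslcarevocationfile" not in d:
            findings.append("client auth on, but SSLCARevocationFile is not set")
        if d.get("sslverifydepth") == "0":
            findings.append("SSLVerifyDepth 0: only self-signed certificates are eligible")
    return findings

WEAK = "SSLVerifyClient optional_no_ca\n"
SELF_SIGNED_ONLY = """SSLVerifyClient require
SSLCACertificateFile /path/to/client-ca-bundle.pem
SSLVerifyDepth 0
"""
STRICT = """SSLVerifyClient require
SSLCACertificateFile /path/to/client-ca-bundle.pem
SSLCARevocationFile /path/to/client-ca-crl.pem
SSLVerifyDepth 1
"""

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("self-signed only", SELF_SIGNED_ONLY), ("strict", STRICT)]:
        print(name, "->", audit(cfg) or "no findings")
```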