Whiteboard Accessories User Manual

Sun Crypto Accelerator 4000 Board Installation and User’s Guide, May 2003
Certificates in the chain are assumed to be valid for client authentication as well,
when client authentication (SSLVerifyClient) is used.
8. SSLCACertificateFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificates for certification authorities (CAs) used for client authentication.
9. SSLCARevocationFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificate revocation lists of CAs used for client authentication.
10. SSLVerifyClient level
Context: Global, virtual host, directory, .htaccess
This directive configures the authentication of clients to the server. (Note that this
is not normally needed for e-commerce applications, but is useful in other
applications.)
Values for level are listed and described in TABLE B-5.
Typically either none or require is used. The default is none.
11. SSLVerifyDepth depth
Context: Global, virtual host, directory, .htaccess
This directive specifies the maximum certificate chain depth that the server will
allow for client certificates. A value of 0 means that only self-signed certificates
are eligible, whereas a value of 1 means that client certificates must be signed by
a CA known directly to the server (through the SSLCACertificateFile).
Larger values permit delegation of the CA.
12. SSLLog filename
Context: Global, virtual host

TABLE B-5   SSL Verify Client Levels

Level            Description
none             No client certificate is required
optional         Client may present a valid certificate
require          Client must present a valid certificate
optional_no_ca   Client may present a certificate, but it need not be valid
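
The following Python audit is an added example, not part of the Sun guide: it reads the client-authentication directives described above (SSLVerifyClient, SSLVerifyDepth, SSLCACertificateFile, SSLCARevocationFile) from one server or virtual host block and reports combinations that weaken certificate checking. The finding codes, the audit rules, and the sample configurations with their file paths are assumptions made for this example, and the text is treated as a single context with no directory or .htaccess overrides.

```python
# Added example: the audit rules are this example's policy, not taken from the guide.
DIRECTIVES = ("sslverifyclient", "sslverifydepth", "sslcacertificatefile", "sslcarevocationfile")
LEVELS = ("none", "optional", "require", "optional_no_ca")  # TABLE B-5

def audit_client_auth(conf_text):
    """Return (code, message) findings for one server or virtual host block."""
    seen = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            seen[parts[0].lower()] = parts[1].strip().strip('"')  # last one wins
    level = seen.get("sslverifyclient", "none")  # the guide's default is none
    findings = []
    if level not in LEVELS:
        return [("BAD_LEVEL", "unknown SSLVerifyClient level: " + level)]
    if level == "none":
        return findings  # client authentication is off; nothing to audit
    if level == "optional_no_ca":
        findings.append(("UNVERIFIED", "presented certificate need not be valid"))
    if level == "optional":
        findings.append(("ANONYMOUS_OK", "clients without a certificate are admitted"))
    if level in ("optional", "require"):
        if "sslcacertificatefile" not in seen:
            findings.append(("NO_CA_FILE", "no CA certificates to verify clients against"))
        if "sslcarevocationfile" not in seen:
            findings.append(("NO_CRL", "no revocation lists configured for the client CAs"))
    depth = seen.get("sslverifydepth")
    if depth is not None:
        if not depth.isdigit():
            findings.append(("BAD_DEPTH", "SSLVerifyDepth is not a number: " + depth))
        elif int(depth) == 0:
            findings.append(("SELF_SIGNED_ONLY", "depth 0 admits only self-signed certificates"))
        elif int(depth) > 1:
            findings.append(("DELEGATED_CA", "depth > 1 permits delegation of the CA"))
    return findings

# Constructed sample configurations (paths are placeholders).
WEAK = """
SSLVerifyClient optional_no_ca
SSLVerifyDepth 3
"""
STRICT = """
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /path/to/client-ca-bundle.pem
SSLCARevocationFile /path/to/client-ca-crl.pem
"""
if __name__ == "__main__":
    print(audit_client_auth(WEAK), audit_client_auth(STRICT))
```

The weak sample yields the UNVERIFIED and DELEGATED_CA findings, while the strict sample yields none.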