If you enable client authentication, the server validates clients by requesting a
certificate from the client and verifying that it is signed by a trusted certificate authority (CA)
root certificate in the server key database.
About this task
For each virtual host, choose the level of client authentication:
Procedure
- Specify one of the following values in the configuration file on the SSLClientAuth
directive, for each virtual host stanza.
A virtual host stanza represents a section of
the configuration file that applies to one virtual host.
Table 1. Client authentication level. The table lists the value for the client authentication level and a description of the value.

| Value | Description |
| --- | --- |
| None | The server requests no client certificate from the client. |
| Optional | The server requests, but does not require, a client certificate. If presented, the client certificate must prove valid. |
| Required | The server requires a valid certificate from all clients, returning a 403 status code if no certificate is present. |
| Required_reset | The server requires a valid certificate from all clients, and if no certificate is available, the server sends an SSL alert to the client. This enables the client to understand that the SSL failure is client-certificate related, and will cause browsers to re-prompt for client certificate information on subsequent access. |

For example: SSLClientAuth required.
If you want to use a certificate revocation list (CRL), add crl as a second argument for
SSLClientAuth. For example: SSLClientAuth required crl.
- Save the configuration file and restart the server.
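
A configuration fragment that sets a different client authentication level in each of two virtual host stanzas, as an added example that is not part of the original documentation. The host names, ports and key database path are placeholders, and the surrounding LoadModule, Listen, SSLEnable, KeyFile and SSLDisable directives are the usual IBM HTTP Server SSL setup, assumed here.

```apache
# Added example: host names, ports and the key database path are placeholders.
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
Listen 8443

# Public site: TLS only, the server requests no client certificate.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEnable
    SSLClientAuth none
</VirtualHost>

# Administrative site: every client must present a certificate that chains
# to a CA root certificate in the key database, and the certificate is
# checked against a certificate revocation list (second argument: crl).
<VirtualHost *:8443>
    ServerName admin.example.com
    SSLEnable
    SSLClientAuth required crl
</VirtualHost>

# Key database that holds the server certificate and the trusted CA
# root certificates used to validate client certificates.
KeyFile /path/to/key.kdb

# SSL stays off outside the virtual host stanzas above.
SSLDisable
```

Because the directive is set per stanza, a virtual host that omits SSLClientAuth does not inherit the required level from its neighbour; review each stanza separately.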