148 Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Certificates in the chain are assumed to be valid for client authentication as well,
when client authentication (SSLVerifyClient) is used.
8. SSLCACertificateFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificates for certification authorities (CAs) used for client authentication.
9. SSLCARevocationFile file
Context: Global, virtual host
This directive specifies the location of a file containing the concatenation of the
certificate revocation lists of CAs used for client authentication.
10. SSLVerifyClient level
Context: Global, virtual host, directory, .htaccess
This directive configures the authentication of clients to the server. (Note that this
is not normally needed for e-commerce applications, but has use in other
applications.)
Values for level are listed and described in TABLE B-5.
Typically either none or require is used. The default is none.
11. SSLVerifyDepth depth
Context: Global, virtual host, directory, .htaccess
This directive specifies the maximum certificate chain depth that the server will
allow for client certificates. A value of 0 means that only self-signed certificates
are eligible, whereas a value of 1 means that client certificates must be signed by
a CA known directly to the server (through the SSLCACertificateFile).
Larger values permit delegation of the CA.
12. SSLLog filename
Context: Global, virtual host
TABLE B-5 SSLVerifyClient Levels

Level            Description
none             No client certificate is required
optional         Client may present a valid certificate
require          Client must present a valid certificate
optional_no_ca   Client may present a certificate, but it need not be valid
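
The following added example (not part of the original guide) audits a configuration for the four client-authentication directives described above, using only the semantics stated in this section and TABLE B-5. The sample configuration, its file paths and the function names are constructed for illustration, and the parser ignores context nesting (the last occurrence of a directive wins), which is a simplification.

```python
# Constructed sample configuration; the file paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLCACertificateFile /path/to/client-ca-bundle.pem
    # SSLCARevocationFile /path/to/client-ca-crl.pem
    SSLVerifyClient optional_no_ca
    SSLVerifyDepth 0
</VirtualHost>
"""

DIRECTIVES = ("SSLCACertificateFile", "SSLCARevocationFile",
              "SSLVerifyClient", "SSLVerifyDepth")
CANONICAL = {name.lower(): name for name in DIRECTIVES}  # names are case-insensitive
LEVELS = ("none", "optional", "require", "optional_no_ca")  # TABLE B-5

def parse_directives(conf_text):
    """Return {directive: value} for the four directives; the last occurrence wins."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)  # commented-out lines start with '#'
        if len(parts) == 2 and parts[0].lower() in CANONICAL:
            found[CANONICAL[parts[0].lower()]] = parts[1].strip().strip('"')
    return found

def audit_client_auth(conf_text):
    """Return a list of findings about client-certificate verification."""
    d = parse_directives(conf_text)
    level = d.get("SSLVerifyClient", "none")  # the default is none
    if level not in LEVELS:
        return ["unknown SSLVerifyClient level: " + level]
    if level == "none":
        return []  # no client certificate is required, nothing to verify
    findings = []
    if level == "optional_no_ca":
        findings.append("optional_no_ca: the certificate need not be valid")
    if level == "optional":
        findings.append("optional: a client with no certificate is still accepted")
    if d.get("SSLVerifyDepth", "") == "0":
        findings.append("SSLVerifyDepth 0: only self-signed certificates are eligible")
    if level in ("optional", "require"):
        if "SSLCACertificateFile" not in d:
            findings.append("no SSLCACertificateFile: no CA to verify clients against")
        if "SSLCARevocationFile" not in d:
            findings.append("no SSLCARevocationFile: no CRLs to check clients against")
    return findings

if __name__ == "__main__":
    for finding in audit_client_auth(SAMPLE_CONF):
        print(finding)
```

A configuration that sets SSLVerifyClient require, SSLVerifyDepth 1, and both the CA and revocation files produces no findings.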