tags: apache2 webserver linux certificate

apache2 ssl enabled vhost with client certificate

To create an SSL-secured Apache vhost that requires client certificates for parts of the website, add the following configuration:

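<VirtualHost *:443>
        # general ssl vhost part
        ServerName example.com
        DocumentRoot /var/www/example
        CustomLog /var/log/apache2/example.log vhost_combined
        ErrorLog /var/log/apache2/example_err.log
        SSLEngine on
        SSLCertificateFile /path/to/certificate.crt
        SSLCertificateKeyFile /path/to/key.key

        # Trust anchors for client certificate verification.
        # SSLCACertificateFile and SSLCACertificatePath are only allowed in
        # server config / virtual host context; inside <Files> or <Directory>
        # Apache rejects them at startup, so they are set once here and apply
        # to both protected sections below.
        # Every hashed certificate in the SSLCACertificatePath directory is
        # trusted as a client CA, so that directory should hold CA
        # certificates only. The e-mail checks below are only as strong as the
        # issuance policy of these CAs; use a CA you control.
        SSLCACertificateFile    /path/to/root.crt
        SSLCACertificatePath    /path/to

        # client certificate required for certain files
        # Per-directory SSLVerifyClient makes Apache request the certificate
        # after the initial handshake (renegotiation); verify that the clients
        # you need to support can do this with the TLS versions you enable.
        <Files example.html>
                SSLVerifyClient         require
                SSLVerifyDepth          5
                # Authorization: only these subject e-mail addresses may pass.
                # SSLRequire is deprecated in Apache 2.4 in favour of
                # "Require expr"; it is kept here for compatibility.
                SSLRequire              %{SSL_CLIENT_S_DN_Email} eq "user1@example.com" or %{SSL_CLIENT_S_DN_Email} eq "user2@otherdomain.com"
                # Refuse any request for this file that does not use SSL.
                SSLRequireSSL
        </Files>

        # client certificate required for (sub) directories
        <Directory "/var/www/example/subdir/">
                SSLVerifyClient         require
                SSLVerifyDepth          5
                # Same e-mail allow-list as for example.html above.
                SSLRequire              %{SSL_CLIENT_S_DN_Email} eq "user1@example.com" or %{SSL_CLIENT_S_DN_Email} eq "user2@otherdomain.com"
                # Refuse any request below this directory that does not use SSL.
                SSLRequireSSL
        </Directory>
</VirtualHost>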