Choose the level of client authentication

Choose the level of client authentication

If we enable client authentication, the server validates clients by checking for trusted certificate authority (CA) root certificates in the local key database.

Overview
For each virtual host, choose the level of client authentication:

Procedure

Specify one of the following values in the configuration file on the SSLClientAuth directive, for each virtual host stanza. A virtual host stanza represents a section of the configuration file that applies to one virtual host.

None The server requests no client certificate from the client.
Optional The server requests, but does not require, a client certificate. If presented, the client certificate must prove valid.
Required The server requires a valid certificate from all clients.

For example, SSLClientAuth required.
If we want to use a certificate revocation list (CRL), add crl, as a second argument for SSLClientAuth. For example: SSLClientAuth required crl.

Save the configuration file and restart the server.

Related tasks

Setting advanced SSL options

None	The server requests no client certificate from the client.
Optional	The server requests, but does not require, a client certificate. If presented, the client certificate must prove valid.
Required	The server requires a valid certificate from all clients.