Configure Apache to require a client certificate

To configure Apache to require a client certificate:

  1. Open the httpd-ssl.conf file.

  2. Find the related VirtualHost and modify it as follows:

    1. Add the certificate authority that Apache will trust for client certificates:

      # CA that Apache will trust for client certificates
      SSLCACertificateFile "/<apache-directory>/conf/TrustedCA.pem"
    2. Set the SSLVerifyClient parameter:

      SSLVerifyClient require
      SSLVerifyDepth 10
    3. If you have a certificate revocation file, add the following line:

      SSLCARevocationFile <full name of the revocation file>
      SSLCARevocationCheck chain
    4. If OCSP is needed, set the SSLOCSPEnable parameter:

      SSLOCSPEnable on
  3. Restart Apache so it will read the new configuration.

    Run <apache-directory>/bin/apachectl -k restart

  4. Verify that Apache accepts your client certificate.

    Go to https://webserver/qcbin. Make sure the OpenText Application Quality Management home page opens after you provide your client certificate.

    Note: If you have several client certificates that can be used, the browser should show the choice dialog box.
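
A pre-restart check for the directives set in step 2, as an added example that is not part of the original documentation: it flags a missing trusted CA, an SSLVerifyClient value other than require, and a revocation file that is never consulted because SSLCARevocationCheck is unset (it defaults to none in Apache 2.4). The function names and the sample configuration with its /opt/apache paths are constructed for illustration.

```shell
# Pre-restart lint for the client-certificate directives (added example).
# Simplification: scans the whole file (last value wins), not per VirtualHost.
# directive_value FILE NAME: print the last uncommented value of directive NAME.
directive_value() {
    awk -v name="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# lint_client_cert FILE: print space-separated findings; exit status 0 if none.
lint_client_cert() {
    findings=""
    ca=$(directive_value "$1" SSLCACertificateFile)
    verify=$(directive_value "$1" SSLVerifyClient)
    crl=$(directive_value "$1" SSLCARevocationFile)
    crlcheck=$(directive_value "$1" SSLCARevocationCheck)
    [ -n "$ca" ] || findings="$findings no-trusted-ca"
    # optional, optional_no_ca and none all admit a client without a valid certificate
    [ "$verify" = "require" ] || findings="$findings verify-not-require"
    # Apache 2.4: a CRL file is only consulted when the check is chain or leaf
    if [ -n "$crl" ]; then
        case $crlcheck in chain*|leaf*) ;; *) findings="$findings crl-not-enforced" ;; esac
    fi
    findings=${findings# }
    printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# write_sample_conf FILE good|bad: constructed sample input (placeholder paths).
write_sample_conf() {
    v_mode=optional; c_line='# SSLCARevocationCheck chain'
    if [ "$2" = good ]; then v_mode=require; c_line='SSLCARevocationCheck chain'; fi
    cat > "$1" <<EOF
<VirtualHost _default_:443>
  SSLCACertificateFile "/opt/apache/conf/TrustedCA.pem"
  SSLVerifyClient $v_mode
  SSLVerifyDepth 10
  SSLCARevocationFile "/opt/apache/conf/revoked.crl"
  $c_line
</VirtualHost>
EOF
}

tmp=$(mktemp); write_sample_conf "$tmp" bad
lint_client_cert "$tmp" || echo "resolve the findings above before restarting Apache"
rm -f "$tmp"
```

Point lint_client_cert at httpd-ssl.conf before the restart in step 3; an empty result means the three checks passed.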