
Mine is a web server. I need multiple URLs of the server enabled with mTLS in place. This is my code.

```apache
<IfModule ssl_module>
    Header set Cache-Control "no-store"
    Header always set Strict-Transport-Security max-age=31536000
    SSLEngine on
    SSLProtocol TLSv1.2
    #SSLCipherSuite aRSA:kRSA:AES128-CBC:SHA
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!RC4
    SSLSessionCache "shmcb:/opt/app/swift/vizgems/data/www/logs/ssl_scache(512000)"
    SSLCertificateFile "/opt/app/swift/vizgems/data/www/conf/server.crt"
    SSLCertificateKeyFile "/opt/app/swift/vizgems/data/www/conf/server.key"
    # CA chain used to verify client certificates
    SSLCACertificateFile "/opt/app/swift/vizgems/data/www/conf/haloe-web-junction-cert-chain.pem"

    # Require a valid client certificate for every connection (mTLS)
    SSLVerifyClient require
    SSLVerifyDepth  10

    <Location /site/>
        # Only the client certificate with this CN may access /site/
        SSLRequire ( %{SSL_CLIENT_S_DN_CN} eq "haloe-jucntion.stage.att.com" )
        # AllowOverride is only valid in <Directory> sections, not <Location>
        #AllowOverride none
    </Location>
</IfModule>
```
John Hanley

1 Answer

To enable multiple URLs with mTLS in place, the following steps should be followed:

  1. Install a certificate from the file store and select all URLs to be enabled by this certificate.
  2. Encrypt all URLs that are not part of the certificate.
  3. Configure the cipher suites between TLS 1.0 and TLS 1.2, but disable TLS 1.1 and 2192-Padding (PKCS #1).
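
For the configuration in the question, one way to apply the client-certificate CN check to several URL paths with Apache 2.4 `Require expr`. This is an added example, not part of the original posts; the paths `/api/` and `/admin/` and the CN `second-client.example.com` are hypothetical placeholders.

```apache
# Added example. /api/, /admin/ and "second-client.example.com" are
# hypothetical; file paths and the first CN are copied from the question.
<IfModule ssl_module>
    SSLEngine on
    SSLProtocol TLSv1.2
    SSLCertificateFile    "/opt/app/swift/vizgems/data/www/conf/server.crt"
    SSLCertificateKeyFile "/opt/app/swift/vizgems/data/www/conf/server.key"
    SSLCACertificateFile  "/opt/app/swift/vizgems/data/www/conf/haloe-web-junction-cert-chain.pem"

    # The client certificate is demanded during the handshake for the
    # whole server, so no URL is reachable without a certificate that
    # chains to the CA file above. Keeping this at server level avoids
    # per-location renegotiation.
    SSLVerifyClient require
    SSLVerifyDepth  10

    # Authentication (valid chain) is global; authorization (which
    # subject may use which path) is decided per URL prefix below.

    # Same CN rule applied to several URL prefixes in one block.
    <LocationMatch "^/(site|api)/">
        Require expr "%{SSL_CLIENT_S_DN_CN} == 'haloe-jucntion.stage.att.com'"
    </LocationMatch>

    # A prefix with its own allow-list of client CNs.
    <Location "/admin/">
        Require expr "%{SSL_CLIENT_S_DN_CN} in { 'haloe-jucntion.stage.att.com', 'second-client.example.com' }"
    </Location>
</IfModule>
```

Running `apachectl configtest` after editing catches directives placed in a context where they are not allowed.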