Verify and authenticate digital certificates from trusted CA with Apache+mod_ssl

Question

I set a test server with a self signed SSL certificate and http-authentication with personal digital certificates issued by my test CA and everything works fine.

What if I want to authenticate users that have a digital certificate issued by several other trusted CAs in my country? What do I need to do (other than getting a real SSL certificate for the webserver) in order to make apache able to do that?

I suppose it has to do with the "SSLCACertificateFile" directive, but would like to hear someone who is more prepared on the subject.

Thanks!

Answer 1

The answer to this question is the following:

Include the PEM encoded root certificate of the CA you want to be able to authenticate on your server in the file specified by the SSLCACertificateFile directive. CRL check is needed to ensure the private key of the certificate hasn't been compromised.