I am writing a front-end app for my company using PHP on an Apache server.
Everyone in my company has their own client certificate.
I can use the code below
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLOptions +StdEnvVars
    SSLCACertificateFile "C:/xampp/htdocs/frontEnd/clientca.crt"
to force the user to select the client certificate they want to use, if their client certificate was signed by one of the intermediate certificates listed in the file.
I am trying to add another layer of security by checking the email listed on the certificate. For example, I only allow the client certificate with an email under @example.com to access the site.
I've checked a lot of websites, for example mod_ssl, but I still can't get my head around it.
Can anyone please help me?
Thank you.
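
One way to do the e-mail check described in the question, as an added example that is not part of the original post: with `SSLOptions +StdEnvVars`, mod_ssl exports the verified certificate's fields to PHP, so the application can compare the domain part of each address. The function names and the sample environments are assumptions made for illustration, as is the policy of requiring every address in the certificate to match.

```php
<?php
// Added example; clientCertEmails() and certEmailAllowed() are hypothetical names.

// Collect every e-mail address mod_ssl exported for the client certificate:
// the subject DN emailAddress and the rfc822Name subjectAltName entries.
function clientCertEmails(array $server): array
{
    $emails = [];
    foreach ($server as $key => $value) {
        if (is_string($value)
            && preg_match('/^SSL_CLIENT_(S_DN_Email(_\d+)?|SAN_Email_\d+)$/', (string) $key)) {
            $emails[] = strtolower(trim($value));
        }
    }
    return array_values(array_unique($emails));
}

// True only if Apache verified the chain and every address is under $domain.
function certEmailAllowed(array $server, string $domain): bool
{
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return false;
    }
    $emails = clientCertEmails($server);
    if ($emails === []) {
        return false; // no address in the certificate: deny
    }
    foreach ($emails as $email) {
        $at = strrpos($email, '@');
        // Compare the whole domain part, so "a@example.com.evil.test" and
        // "a@notexample.com" do not pass a substring or suffix match.
        if ($at === false || $at === 0 || substr($email, $at + 1) !== strtolower($domain)) {
            return false;
        }
    }
    return true;
}

// Constructed sample environments standing in for $_SERVER.
$samples = [
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN_Email' => 'Alice@Example.com'],
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_SAN_Email_0' => 'bob@example.com.evil.test'],
    ['SSL_CLIENT_VERIFY' => 'NONE', 'SSL_CLIENT_S_DN_Email' => 'carol@example.com'],
];
foreach ($samples as $env) {
    var_dump(certEmailAllowed($env, 'example.com'));
}
```

In the application, call `certEmailAllowed($_SERVER, 'example.com')` at the start of each request and answer with HTTP 403 when it returns false. The address is only as trustworthy as the issuing CA's validation of it, so the check is meaningful only when the CAs in `SSLCACertificateFile` control which e-mail addresses they sign.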