Slide 52 of 115
Notes:
This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
The following levels are available for level:
none: no client Certificate is required at all
optional: the client may present a valid Certificate
require: the client has to present a valid Certificate
optional_no_ca: the client may present a valid Certificatebut it need not to be (successfully) verifiable.
In practice only levels none and require are really interesting, because level optional doesn't work with all browsers and level optional_no_ca is actually against the idea of authentication (but can be used to establish SSL test pages, etc.)
