iTP Secure WebServer System Administrator's Guide (Version 7.0)

Configuring for Secure Transport

iTP Secure WebServer System Administrator’s Guide—523346-012

4-30

Using the -requireauth Option

Therefore, the server’s action depends on its specific configuration, as shown in the list

of variable settings in Using the -requestauth Option.

Using the -requireauth Option

When you set the -requireauth option, and the Web client supplies an invalid

certificate (for example, if the certificate does not exist, contains an error, is forged or

expired, or is issued by a CA that is unknown to the server), the server always refuses

the connection request from the Web client, and then logs error messages to the error

and extended log files.

When the Web client supplies a valid certificate, the server allows the connection and

sets the HTTPS_CLIENT_STATUS variable to valid. The server also sets all the other

HTTPS_CLIENT Tcl/CGI variables at the same time. For information about these

Tcl/CGI variables, see Passing CGI Environment Variables on page 8-11.