Hitachi

Hitachi Application Server V10 Definition Reference Guide (For UNIX® Systems)


2.3.158 SSLExportCertChainDepth

SSLExportCertChainDepth specifies the depth of the certificate chain to be set in the environment variables SSL_CLIENT_CERT_CHAIN_n. The chain consists of the CA certificates from the CA that issued the client certificate up to the root CA.

Description

When SSL client authentication is used, SSLExportCertChainDepth specifies the depth of the certificate chain (the CA certificates from the CA that issued the client certificate up to the root CA) to be set in the environment variables SSL_CLIENT_CERT_CHAIN_n. The specified value becomes the maximum value of n. This directive is enabled only if the SSLExportClientCertificates directive is specified. The value specified in this directive is also the number of CA certificates that are cached on the gcache server, so you can use the cache more efficiently by specifying the number of CA certificates that CGI programs and servlets need. Note, however, that if some of the cached certificates have been deleted because of memory restrictions and can no longer be acquired, only the certificates that can be acquired are set in the environment variables.

Syntax

SSLExportCertChainDepth value

Specifiable values

0

Does not set the environment variables.

1 to 9

Assigns certificates to the environment variables in order, starting from the certificate closest to the client certificate. Each environment variable is set to the DER-format certificate encoded in Base64. The size of a certificate encoded in Base64 is approximately 1 KB.

Default value

If the definition item is omitted

0

Locations where it can be written

httpsd.conf and <VirtualHost>

Example

For a certificate chain consisting of "root CA-lower CA-client certificate"

The following table shows the correlation between the environment variables and certificates:

| Environment variable | Certificate |
|---|---|
| SSL_CLIENT_CERT | Client certificate |
| SSL_CLIENT_CERT_CHAIN_1 | Lower CA certificate |
| SSL_CLIENT_CERT_CHAIN_2 | Root CA certificate |

To obtain all environment variables and certificate chains, specify the directive as follows:

SSLExportClientCertificates
SSLExportCertChainDepth 2

For SSLExportCertChainDepth, specify 2 or a greater value.
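
The following Python code is an added example, not part of the Hitachi manual. It shows how a CGI program can read the exported variables without assuming the whole chain is present, because only certificates that can still be acquired are set. It assumes the values are bare Base64 with no PEM header lines, and it checks DER framing only, not signatures or trust; the function names and the sample data are constructed for illustration.

```python
import base64, binascii, hashlib

MAX_DEPTH = 9  # largest value SSLExportCertChainDepth accepts
CLIENT = "SSL_CLIENT_CERT"

def der_total_length(der):
    """Total length declared by the outer DER SEQUENCE header, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def decode_cert(value):
    """Base64-decode one variable; return the DER bytes, or None if not well-framed."""
    try:
        der = base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    return der if der_total_length(der) == len(der) else None

def read_exported_chain(env, expected_depth):
    """env is a mapping such as os.environ. Returns (fingerprints, complete)."""
    names = [CLIENT] + [f"{CLIENT}_CHAIN_{n}" for n in range(1, MAX_DEPTH + 1)]
    fingerprints = {}
    for name in names:
        if name not in env:                # not exported, or no longer acquirable
            continue
        der = decode_cert(env[name])
        if der is None:
            raise ValueError(f"{name} is not a Base64-encoded DER certificate")
        fingerprints[name] = hashlib.sha256(der).hexdigest()
    ca_count = sum(1 for name in fingerprints if name != CLIENT)
    return fingerprints, CLIENT in fingerprints and ca_count >= expected_depth

def constructed_env(ca_indexes):
    """Constructed sample data: 5-byte DER SEQUENCEs stand in for real certificates."""
    def blob(i):
        return base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, i])).decode()
    env = {CLIENT: blob(0)}
    env.update({f"{CLIENT}_CHAIN_{n}": blob(n) for n in ca_indexes})
    return env

if __name__ == "__main__":
    # Depth 2 configured, but CHAIN_2 is absent: the caller must treat the chain as partial.
    print(read_exported_chain(constructed_env([1]), expected_depth=2))
```

A program that makes an authorization decision from the CA chain should reject the request when `complete` is false instead of deciding from a partial chain.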