Hi there,
I am trying to do a setup and I am not sure whether it is possible at all, but if not, I would be surprised.
It was already confirmed in other threads that Let's Encrypt certificates can NOT be used for client authentication. It is not 100 percent true, because you can actually just install your server certificate on the client to make it work, but since the latter can simply be downloaded from the browser as the HTTPS certificate, it would not make much sense.
What I am trying to do now is have a virtual host configuration in Apache HTTPD where I use the Let's Encrypt certificate for HTTPS access in the browser and a self-signed cert from a self-signed CA for client authentication.
I seem to be struggling with the SSL config.
Please see the SSL part of my virtual host:
# Server certificate and key (Let's Encrypt)
SSLCertificateFile /etc/apache2/certs/letsencrypt.crt
SSLCertificateKeyFile /etc/apache2/certs/letsencrypt.key
# Client certificate verification
SSLVerifyClient require
SSLVerifyDepth 10
# CA file used to verify client certificates.
# This is the root cert of Let's Encrypt, but I wish to use a self-signed one here....
# (Apache does not allow a comment on the same line as a directive, so it sits on its own line.)
SSLCACertificateFile /etc/apache2/certs/isrgrootx1.pem
The thing is that apparently the SSLCACertificateFile directive has to be compatible with the other two directives, SSLCertificateFile and SSLCertificateKeyFile. So for me this means I cannot combine different certificate authorities, one for HTTPS and one for client certificates.
Am I missing something? Any insights will be appreciated.
Thanks so much!
Alex
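The following is an added example, not part of Alex's post or of any reply in this thread. It is a shell script that builds a private client CA with openssl, issues a client certificate from it, verifies the resulting chain the same way mod_ssl will (and confirms it does not verify against an unrelated root, standing in for the ISRG root), and then prints a vhost fragment that keeps the Let's Encrypt certificate for the server side while pointing SSLCACertificateFile at the private CA. SSLCACertificateFile only decides which issuers are accepted for client certificates and which issuer names the server advertises in its CertificateRequest; it has no dependency on SSLCertificateFile or SSLCertificateKeyFile. The CA name "Example Client CA", the client CN "alex", the working directory, the ServerName "example.com" and the stand-in root are assumptions made for this example; the /etc/apache2/certs/letsencrypt.* paths are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a private client CA,
# issues a client cert from it, checks the chain, and prints an Apache vhost
# fragment combining a Let's Encrypt server cert with that private CA.
# Assumptions: openssl is installed; $WORK is a scratch directory; the
# Let's Encrypt paths are the ones Alex used in the post.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Self-signed CA that will issue client certificates (assumed name).
make_private_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Client CA" \
    -keyout "$WORK/client-ca.key" -out "$WORK/client-ca.crt" 2>/dev/null
}

# An unrelated self-signed root, standing in for the public ISRG root that
# the post pointed SSLCACertificateFile at (assumed name, constructed here).
make_unrelated_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Stand-in Public Root" \
    -keyout "$WORK/other-ca.key" -out "$WORK/other-ca.crt" 2>/dev/null
}

# Client key + CSR, signed by the private CA (client CN is an assumption).
issue_client_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=alex" \
    -keyout "$WORK/alex.key" -out "$WORK/alex.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/alex.csr" -days 365 \
    -CA "$WORK/client-ca.crt" -CAkey "$WORK/client-ca.key" -CAcreateserial \
    -out "$WORK/alex.crt" 2>/dev/null
}

# Prints "ok" if the client cert chains to the CA file given as $1,
# "fail" otherwise. This is the check mod_ssl performs at handshake time.
verify_client_cert_against() {
  if openssl verify -CAfile "$1" "$WORK/alex.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

verify_client_cert() { verify_client_cert_against "$WORK/client-ca.crt"; }
verify_against_unrelated_ca() { verify_client_cert_against "$WORK/other-ca.crt"; }

# Vhost fragment: server identity from Let's Encrypt, client trust from the
# private CA. The two are independent; only SSLCACertificateFile matters for
# which client certificates are accepted. Comments are on their own lines
# because Apache rejects a comment placed after a directive.
print_vhost_config() {
cat <<EOF
<VirtualHost *:443>
    # ServerName is an assumption for this example
    ServerName example.com
    SSLEngine on
    # Server certificate and key issued by Let's Encrypt (browser trust)
    SSLCertificateFile /etc/apache2/certs/letsencrypt.crt
    SSLCertificateKeyFile /etc/apache2/certs/letsencrypt.key
    # Private CA that issues client certificates; unrelated to the server cert
    SSLCACertificateFile $WORK/client-ca.crt
    SSLVerifyClient require
    # Client certs are signed directly by the CA, so depth 1 is enough
    SSLVerifyDepth 1
</VirtualHost>
EOF
}

make_private_ca
make_unrelated_ca
issue_client_cert
echo "chain to private CA:   $(verify_client_cert)"        # expected: ok
echo "chain to unrelated CA: $(verify_against_unrelated_ca)" # expected: fail
print_vhost_config
```

For a real deployment, copy client-ca.crt into /etc/apache2/certs, point SSLCACertificateFile there, hand alex.key and alex.crt to the client (for example bundled as a PKCS#12 file for a browser), and keep client-ca.key off the web server entirely. Because SSLCACertificateFile is now the private CA, a Let's Encrypt certificate presented as a client certificate no longer verifies, which closes the loophole Alex mentions in the post.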