Exact Client public certificate authentication using Apache

Discussion in 'Apache' started by Sekhar315, Apr 3, 2013.

    Hi,

    I am relatively new to Apache and below is what I need to achieve.

    I have an Apache server with the following key and certificate.
    ->apache_server_private_key.pem
    ->apache_server_public_cert.cer (Signed By Verisign CA)

    I have 3 clients who should be able to access the Apache server based on their certificates. All their certificates are signed by the Verisign CA.
    Client 1 has the following key/certificate pair
    ->apache_client1_private_key.pem
    ->apache_client1_public_cert.cer (Signed By Verisign CA)
    Similarly client 2
    ->apache_client2_private_key.pem
    ->apache_client2_public_cert.cer (Signed by Verisign CA)
    Similarly client 3
    ->apache_client3_private_key.pem
    ->apache_client3_public_cert.cer (Signed by Verisign CA)

    The server and clients will exchange their public certificates for mutual authentication. I want only the clients that have these public certificates to be able to access this server, and everyone else to be rejected.

    During the SSL handshake the Apache server only validates the CA of the incoming public certificate and, if the CA is trusted, it allows the connection. By this logic any certificate signed by the same Verisign CA will be able to access my application.

    Question:
    1. Can I configure Apache to match the exact public certificate instead of verifying the signing CA?
    2. Can I store the clients' public certificates in a key store directory and configure Apache to verify the incoming client certificates based on the public certificates in that directory? In short, can I have a trust store or validation credential?

    Any help/suggestion is greatly appreciated.
     
    Sekhar315, Apr 3, 2013
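One way to get the exact-certificate match the post asks for on Apache 2.4 with mod_ssl, as an added example (not from the thread or from the Apache project): keep the normal CA verification, then pin the three client certificates by issuer DN plus serial number with `Require expr`. The host name, CA bundle path, issuer DN and serial values below are placeholders; the certificate and key file names are the ones from the post.

```apache
# Added example, not from the thread. Apache 2.4 + mod_ssl.
# Apache does not allow trailing comments, so every comment is on its own line.
<VirtualHost *:443>
    # Placeholder host name.
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/apache_server_public_cert.cer
    SSLCertificateKeyFile /etc/ssl/apache_server_private_key.pem

    # Step 1: chain verification stays on. Without "SSLVerifyClient require"
    # the client can omit its certificate and the SSL_CLIENT_* values below
    # are empty, so the pinning check would never match anything.
    # Placeholder path: the bundle holding the Verisign issuing and root CAs.
    SSLCACertificateFile /etc/ssl/verisign_ca_bundle.pem
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Step 2: of all certificates that pass step 1, only these three may
    # proceed. A CA never reuses a serial number, so issuer DN + serial
    # identifies exactly one certificate. Read the real values with:
    #   openssl x509 -in apache_client1_public_cert.cer -noout -issuer -serial
    # and copy the issuer DN exactly as Apache reports SSL_CLIENT_I_DN.
    # The DN and serials below are placeholders.
    <Location "/">
        Require expr %{SSL_CLIENT_I_DN} == "CN=PLACEHOLDER Issuing CA,O=PLACEHOLDER,C=US" \
                  && %{SSL_CLIENT_M_SERIAL} in { "0A1B2C", "0A1B2D", "0A1B2E" }
    </Location>
</VirtualHost>
```

On question 2: `SSLCACertificateFile` and `SSLCACertificatePath` are a trust store of CAs, so dropping a Verisign-signed client certificate into them does not narrow who is accepted; the per-certificate restriction has to come from the `Require expr` step, and a revoked or rotated client certificate means editing that list.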