Go to the following directory: `cd /etc/apache2/sites-enabled/`.
Open the file with `nano openxpki.conf`, and then for the required host, add `SSLVerifyClient require`.
For example, if you are using port 443, modify the VirtualHost section to:
```apache
<VirtualHost *:443>
    SSLVerifyClient require
</VirtualHost>
```
Remove the `SSLVerifyClient optional_no_ca` directive.
Save the file, and then type quit to exit from MySQL.
Go to the following directory: `cd /etc/openxpki/config.d/realm/democa/est`.
Open default.yaml and democa.yaml.
Note: If the label is different, then change the YAML file.
Run the following command:
In the authorized_signer section, add the following:
```yaml
authorized_signer:
    rule2:
        subject: CN=<client certificate subject name>,.*
```
For example, if your client certificate subject name is test123, then add the following in the authorized_signer section:
```yaml
authorized_signer:
    rule1:
        # Full DN
        subject: CN=.+:pkiclient,.*
    rule2:
        subject: CN=test123,.*
```
Save the file, and then type quit to exit MySQL.
Restart the OpenXPKI service using `openxpkictl restart`.
Restart the Apache service using `service apache2 restart`.
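
The following check is an added example, not part of the original procedure or of the OpenXPKI project: after the Apache edits above, it audits a vhost file for any `SSLVerifyClient` value other than `require`, including one left in a nested section such as `<Location>`, and for hosts that never set it. The function name, regular expressions, and sample configuration are constructed for illustration.

```python
import re
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLVerifyClient optional_no_ca
    SSLVerifyClient require
    <Location /.well-known/est>
        SSLVerifyClient optional
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
</VirtualHost>
<VirtualHost *:9443>
    SSLVerifyClient require
</VirtualHost>
"""  # constructed sample vhost file, not from a real server
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")

def audit_client_auth(conf_text):
    """Map each VirtualHost to its findings; an empty list means it passes."""
    findings, required, stack, vhost = {}, set(), [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if CLOSE.fullmatch(line):
            if stack and stack.pop().lower().startswith("virtualhost"):
                vhost = None
            continue
        opened = OPEN.fullmatch(line)
        if opened:
            name, args = opened.group(1), opened.group(2).strip()
            stack.append(f"{name} {args}".strip())
            if name.lower() == "virtualhost":
                vhost, findings[args] = args, []
            continue
        # Blank lines and '#' comment lines yield no matching directive here.
        parts = line.split()
        if vhost is None or not parts or parts[0].lower() != "sslverifyclient":
            continue
        value = parts[1].lower() if len(parts) > 1 else "(missing)"
        if value != "require":
            findings[vhost].append(f"line {lineno}: '{value}' inside <{stack[-1]}>")
        elif len(stack) == 1:  # 'require' set directly in the VirtualHost
            required.add(vhost)
    for name in findings.keys() - required:
        findings[name].append("no vhost-level SSLVerifyClient require")
    return findings

print(audit_client_auth(SAMPLE_CONF))
```

To audit a real file, pass its contents to `audit_client_auth` in place of `SAMPLE_CONF`; reported line numbers are relative to the text supplied.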