This is a part of an Apache virtualhost configuration, the incoming request, which matches, are forwarded to the Apache Tomcat server. All clients must send a client certificate for authentication for App1, but for App2 it should be optional.
SSLVerifyClient require
SSLVerifyDepth 2
SSLOptions +ExportCertData +StdEnvVars
ProxyRequests Off
ProxyPass /app1/services/App01 ajp://localhost:8307/app1/services/App01
ProxyPass /app1/services/App02 ajp://localhost:8307/app2/services/App02
<Location /app1/services/App01>
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
<Location /app2/services/App02>
ProxyPassReverse ajp://localhost:8307/app2/services/App02
</Location>
So is there a posibility to switch for app2 the SSLVerifyClient directive from required to optional?
After reading a lot of documentation and trying out different approaches I found the solution!
Bring all proxy directives into the Location context, set the SSLVerifyClient directive for these host or virtualhost to optional and put SSLVerifyClient require into the Location directive where it’s needed.