I'm trying to set up a system where we would allow high-level, trusted
partners into certain portions of our site, but I'd like to use
client-side certificates for identification and authorization.
I've set myself up as a CA, and added the CA's certificate as a root entity, and I've created my client-side certificate, with private key and all. Now, the question is how do I set it up so that the clients will require a valid certificate to access a specific location in the site, or possibly to use that to fully authenticate to the site?
I've tried something like this before on my test site:
<Location /safe>
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLOptions +FakeBasicAuth
    SSLRequireSSL
    SSLRequire %{SSL_CLIENT_S_DN_O} eq "Authorized Group" and \
               %{SSL_CLIENT_S_DN_OU} in {"IT"}
</Location>
But that doesn't quite seem to do it. What I would *like* would be something like [cacert.org,...] where you can click on "cert login", and you can login without prompting of username/password, and merely use your certificate.
Maybe using [mod-auth-cert.sourceforge.net...] would do it.
That may be a little complex of an example, but that would be ideal.
Any hints would be cool!
Thanks!
MM
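
An added example, not part of the original post: a mod_ssl virtual host in which only /safe asks for a client certificate, verified against the private CA, with the DN check from the snippet above. The host name, file paths and htpasswd location are assumptions; the +FakeBasicAuth part is optional and only needed if something downstream expects a Basic-auth user name.

```apache
# Constructed example: host name and all file paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # The private CA that issued the partner certificates. mod_ssl verifies
    # client certificates against this file, not against the OS or browser
    # root store, so it must be configured here.
    SSLCACertificateFile  /etc/ssl/example/partner-ca.crt

    # The rest of the site does not ask for a certificate.
    SSLVerifyClient none

    <Location /safe>
        # Refuse plain-HTTP access to this location.
        SSLRequireSSL

        # In per-location context this forces a renegotiation that requests
        # the client certificate once the request for /safe has been read.
        SSLVerifyClient require

        # Depth 1: the client certificate must be signed directly by a CA
        # the server knows (no intermediate CAs).
        SSLVerifyDepth 1

        # Authorization on top of verification: only certificates whose
        # subject carries this O and OU are let in.
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "Authorized Group" and \
                   %{SSL_CLIENT_S_DN_OU} in {"IT"}

        # Optional: map the certificate subject DN to a Basic-auth user.
        # Each line of the user file is the full subject DN followed by
        # ":xxj31ZMTZzkVA" (the crypt of the word "password"), e.g.
        #   /O=Authorized Group/OU=IT/CN=Partner One:xxj31ZMTZzkVA
        SSLOptions +FakeBasicAuth
        AuthType Basic
        AuthName "Partner area"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/partner-dn.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

With +FakeBasicAuth the browser never shows a password prompt; the user file acts as an allow-list of subject DNs, so removing a line revokes that partner's access without touching the CA.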