0

I would like to know if we can make a client certificate valid for a certain subdomain (virtual host). For example, if I have two client certificates, A and B:

A is valid for subdomainX but not for subdomainY. B is valid for subdomainY but not for subdomainX.

Nap

1 Answer

2

A certificate is like a passport: it is either valid or not, i.e. you cannot selectively revoke it only in specific areas. But you can specify which certificates/passports are accepted as authentication in which areas. This can be done for example by not accepting any certificates issued by a specific CA (SSLCACertificateFile) but additionally restricting the subject using SSLRequire. For more information about this see the Apache SSL documentation, specifically the question: "How can I allow only clients who have certificates to access a particular URL, but allow all clients to access the rest of the server?" which shows how to apply such certificate restrictions to specific Locations only.

Steffen Ullrich
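The per-virtual-host restriction described in the answer, sketched as an Apache configuration. This is an added example, not part of the original answer; the hostnames under example.com, the file paths and the CN values `client-A` and `client-B` are assumptions chosen to match the question's A/B and X/Y naming.

```apache
# Added example. Hostnames, paths and CN values are placeholders.
# Both certificates stay valid; each virtual host decides which one it accepts.

<VirtualHost *:443>
    ServerName subdomainX.example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/tls/subdomainX.crt
    SSLCertificateKeyFile /etc/apache2/tls/subdomainX.key

    # Step 1: the handshake only succeeds for certificates issued by this CA.
    SSLCACertificateFile  /etc/apache2/tls/client-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    <Location "/">
        # Step 2: CA membership alone would admit both A and B,
        # so the subject is checked as well. StrictRequire keeps a failed
        # SSLRequire from being overridden by "Satisfy any".
        SSLOptions +StrictRequire
        SSLRequire %{SSL_CLIENT_S_DN_CN} eq "client-A"
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName subdomainY.example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/tls/subdomainY.crt
    SSLCertificateKeyFile /etc/apache2/tls/subdomainY.key

    SSLCACertificateFile  /etc/apache2/tls/client-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    <Location "/">
        SSLOptions +StrictRequire
        SSLRequire %{SSL_CLIENT_S_DN_CN} eq "client-B"
    </Location>
</VirtualHost>

# Apache 2.4 documents SSLRequire as deprecated in favour of Require expr,
# e.g.  Require expr "%{SSL_CLIENT_S_DN_CN} == 'client-A'"
```

The subject check is only as trustworthy as the CA behind it: anyone who can obtain a certificate with CN `client-A` from the configured CA is accepted on subdomainX, so the CA file should contain only an issuer whose naming you control.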