Hello, I've tried authenticating a client certificate using Apache and aforementioned module. All I'm getting to work is for Apache to transmit the entire DN to Radius as username, which contains whitespace and thus doesn't work. For the sake of testing I've tried sending only the country code contained within the DN: Virtualhost configuration is this: <VirtualHost *:443> ... SSLVerifyClient require SSLCACertificateFile /CA.pem SSLVerifyDepth 2 SSLOptions +FakeBasicAuth +StdEnvVars SSLUserName SSL_CLIENT_S_DN_C <Location /> AuthType basic AuthName "Cert" AuthBasicProvider radius # AuthBasicFake "%{SSL_CLIENT_S_DN_C}" <RequireAny> Require valid-user </RequireAny> </Location> </VirtualHost> Without "SSLOptions +FakeBasicAuth", Radius isn't queried at all. Using "AuthBasicFake" does not change things (specifying it alone does not query Radius, and specifying it additionally to SSLUsername does not change anything). Has anyone ever made extracting a part of the DN in order to provide it to Radius work with Apache? (Apache version in this case is 2.4.23) I've found some bug reports for Apache, the state of which is not clear however: https://bz.apache.org/bugzilla/show_bug.cgi?id=52616 https://bz.apache.org/bugzilla/show_bug.cgi?id=31418 Thanks, Marki