path based client ssl verification is messy as it requires the client/server to do a (secure) renegotiation. You're better off doing a separate domain or make it ssl_verify_client optional at the top level and check the compliance at application level.by daniel.b - Ideas and Feature Requests