The user has the requirement to host multiple services with mutual SSL-based authentication. To get this to work, it's crucial that in the ServerHello message the trusted certificate authorities appear in the CertificateRequest section. It's my understanding that this is controllable by the certificate purpose "Signing client certs" in the list of trusted certificates. As the services are independent of each other, and as we observed that the clients are pretty sensitive during the SSL handshake when, e.g., more than one trusted CA appears in the ServerHello/CertificateRequest message, I want to have an isolated SSL configuration per service in order to specify per service (or per web port) which client certificate issuer is trusted. However, it seems the certificate purpose is controllable only on a global level, applying to all services and all web ports.
Is it possible to set certificate purpose per web port?