Robert, I had a look at your page http://wiki.mozilla.org/PSM:CertPrompt. Very interesting!
I noticed, that in the first section under "IE Current Usage", it says that IE will always use that certificate (or lack of certificate) for that site. Only in the second part this is corrected with "IE will always use that certificate to authenticate, until the user closes IE or hits the 'Clear SSL Cache' button. But again in the last section it says "Find all the certificates, present them to the user, remember the user's selection forever" which isn't correct. However this page leads me to something else actually. When a browser doesn't have the complete chain installed in the browser, client auth fails - and this even if the server presents the complete chain as expected to the browser. Additionally, if the chain is missing or no client certificate is installed in the browser, some error like -12777 pops up (Don't remember the correct number right now). This of course is less then helpful for the ones in the unknown.... -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
