> The use of "required" certificates is preferred because most browsers 
> won't send a certificate when it is specified as "optional".

My client-cert browser experience includes IE v5.01-6, NS 4.7n, and the 
latest Netscape and Mozilla; your userbase may vary.

In these browsers, irrespective of whether certs are required or 
optional, the browser will generally ask the user to select the cert 
they wish to use ("generally" because this can be tweaked by user
preference).

Only where there is no certificate, or when the user chooses 'Cancel', 
is no certificate presented.

If you make the client cert 'Optional' you will receive the request,
and be able to detect the absence of a certificate, allowing you to
redirect to a friendly error page / registration page.

If you make the client cert 'Required' the user will get the 
browser-generated error page saying that it was unable to connect to the 
site, and that the site may be down etc.

Regards

Jeff


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
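
The 'Optional' approach described in the message above, as an added example that is not part of the original post: with mod_ssl's `SSLVerifyClient optional` the server no longer rejects certificate-less clients, so the application must make the allow/redirect decision itself. The page paths, the function name and the sample environments are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Assumed server configuration (mod_ssl), so the variables reach the handler:
#   SSLVerifyClient optional
#   SSLOptions +StdEnvVars

# Hypothetical page paths, chosen for this example.
my $REGISTER_PAGE   = '/register.html';
my $CERT_ERROR_PAGE = '/cert-error.html';

# Route a request on mod_ssl's verification result. SSL_CLIENT_VERIFY is
# documented as NONE, SUCCESS, GENEROUS or FAILED:reason. Only SUCCESS is
# treated as authenticated; every other value is denied access.
sub route_for_client_cert {
    my ($env) = @_;
    my $verify = $env->{SSL_CLIENT_VERIFY};
    $verify = 'NONE' unless defined $verify && length $verify;

    if ($verify eq 'SUCCESS') {
        my $dn = $env->{SSL_CLIENT_S_DN};
        # Fail closed if the subject DN is missing despite SUCCESS.
        return { action => 'redirect', to => $CERT_ERROR_PAGE }
            unless defined $dn && length $dn;
        return { action => 'allow', subject => $dn };
    }

    # No certificate offered (none installed, or the user chose 'Cancel').
    return { action => 'redirect', to => $REGISTER_PAGE } if $verify eq 'NONE';

    # GENEROUS or FAILED:reason: a certificate was sent but is not trusted.
    return { action => 'redirect', to => $CERT_ERROR_PAGE };
}

# Constructed sample environments, not captured from a real server.
my @samples = (
    { SSL_CLIENT_VERIFY => 'SUCCESS', SSL_CLIENT_S_DN => '/C=GB/O=Example/CN=Test User' },
    { SSL_CLIENT_VERIFY => 'NONE' },
    { SSL_CLIENT_VERIFY => 'GENEROUS', SSL_CLIENT_S_DN => '/CN=Self Signed' },
    {},
);

for my $env (@samples) {
    my $r = route_for_client_cert($env);
    printf "%-10s -> %s %s\n", $env->{SSL_CLIENT_VERIFY} // '(unset)',
        $r->{action}, $r->{to} // $r->{subject};
}
```

Every protected handler has to apply this check, because under 'Optional' a request without a certificate still reaches the application.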
