Maybe this is a Netscape security problem, not Apache .... I had tried Apache+ssl with various levels of SSLVerifyClient, with Netscape 4.5. On one platform, I had no certificates. On another, I had one from the local phone company. level 0 certs 1 cert none OK OK optional OK NO require didn't try generating one optional_no_ca OK OK, accepts my existing cert If I have no cert, I click through the Netscape alerts and eventually see my page. If I have one, there is no option not to present it. So the server set to optional_no_ca accepts the certificate I do have, and logs some information from it. This may be a privacy concern. With "optional", I present my cert and it's wrong, so I'm refused. regards Deniable unless digitally signed Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 http://andrew.triumf.ca/andrew ______________________________________________________________________ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
