I found this in my old notes - it may help you?

Q) Netscape keeps asking me which certificate to use
   for every single page on a site - why?

A) The Netscape security settings are incorrect. 
   To fix this problem: 
   . Click on the padlock at the bottom left of the 
     window to display 'Security Info' 
   . Click on 'Navigator' to display the Navigator 
     security settings 
   . Under 'Certificate to identify you to a web site:' 
     choose 'Select Automatically'
   . Click on the 'Ok' button to save this change. 

Note that Apache is doing what you have asked it to do,
in that all items under location /work require a client
cert. There are SSL settings called keepalive which were
ment to help speed up the SSL connection, but MS IE does
not work properly with them, so you cannot turn them on
unless you only have Netscape clients.

Regards
Jeff

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: 13 May 2002 16:55
To: [EMAIL PROTECTED]
Subject: client certificate requested for EVERY html page


Hi, i've set up an Apache/mod_ssl web server, create a CA, installed
the server certifcate, etc, etc.

The i went trough the CLIENT CERTIFICATE process.
everything worked fine (Client Request -> CA Sign the cert
  -> Browser LOAD the cert)


THE PROBLEM IS that the SERVER REQUEST THE CERTIFICATE EVERY TIME I
  LOAD A NEW HTML PAGE. This means that the browser - NETSCAPE 6.2.1 - 
  display continuously the CLIENT CERTIFICATE REQUEST windows!

This is the httpd config:
-------------------------
  SSLVerifyClient none
  SSLCACertificateFile /...correct_path_here.../cacert.pem
  <Location /work >
    SSLVerifyClient require
    SSLVerifyDepth  1
  </Location>

....and i have 3 HTML pages in /work dir, each containing 
a LINK to the others (to test the system)

AM I MISSING SOMETHING REALLY ...obvious...?

TIA
luca.







______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to