Julien Pierre <[EMAIL PROTECTED]> wrote
> In truth, most people do not have more than one valid cert per issuer 
> with a different subject, much less more than one valid cert for more 
> than one issuer. 

I'm in the minority then, and it is annoying. I've had a corporate
cert for years, and it includes an email cert. Now a mandate has come
down for everybody to get an identity-only cert from the same
corporate CA, even if you already have one.

> Therefore, in my opinion, the complexity of that UI 
> would outweigh its benefits. The "ask every time" setting already allows 
> you to do what you need, at the cost of an extra click at connection 
> time as you get prompted.

I do find it annoying. While it's probably rare to find a person with
multiple certs from the same CA, I can see it happening more often... a
single user may have his "normal" identity cert but also have a
privileged or administrative cert. This probably shows more about the
corporation's ignorance of PKI, but that's another story.

> Another suggestion: if you never use the other (non-default) 
> certificate, you may as well delete it from your cert database,

I'm trying to find out if the new cert is really required, or if the
old cert is "close enough." To further complicate things the
non-default cert is the one I use most often. Unfortunately I'm having
trouble getting the Citrix ICA plugin working on Mozilla to test all
this, but that's another story :-)

tg.
