Re: [ssl-users] Apache & Client Auth.

Thu, 16 Apr 1998 20:18:44 -0400 

Kristofer A. E. Peterson wrote:
> 
> Vanni Galesso wrote:
> 
> > Hello ,
> >
> > I'm using Apache with SSLeay with Client Authentication .
> > The problem is that Apache ask the client certificate every time I load
> > a page .
> > Es. I have a html page with 3 frames so the Web server ask me 3 times my
> > certificate .
> > Is it possible to set something that allow me to present only one time
> > my certificate ??
> >
> > Thanks in advanced .
> >
> > Regards     VANNI
> 
> When you set Apache-SSL to request client authentication, it asks for a
> client certificate for every connection. This means that for every page,
> (and every frame it seems) the browser opens a connection, sends a client
> certificate, and then closes it. In this case, the browser isn't smart
> enough to send the same certificate you already, and asks you again which
> one to send. If you only use one certificate for client authentication, you
> can tell Netscape v4 to always use a certain certificate, and not ask you
> every time. To do this, go into the Security Info window, select the
> Navigator link, and select the certificate you want to use in the drop down
> menu. This will get rid of the annoying popups asking you for a
> certificate.

Two things:

1. I've found that Netscape has a tendancy to crash if you have more
than one certificate and tell it to auto-select, so the above method
only works if you only have the one certificate.

2. Ben's currently working on a version of Apache-SSL that does session
cacheing, so this problem will go away RSN...

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:[EMAIL PROTECTED]
UNITED KINGDOM                PGP key on keyservers
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+

Reply via email to