Hi,
I was wondering if, when configuring Apache for client-authenticated SSL (i.e., using client certs), there is a way to configure Apache to force a re-authentication of each HTTPS *request*? Note, when I say "each HTTPS request" here, I mean each individual HTTPS request, not each SSL connection.
Some background: We have an Apache webserver that is configured for client-authenticated SSL ("SSLVerifyClient optional"). The Apache webserver is mainly a proxy for a WebLogic app server.
In our case, the client workstations have smart card readers, and client certs are stored on the smart cards.
We are encountering a problem where, when users access the Apache server, they are getting re-prompted to enter their smart card PIN multiple (many) times, even just to access the initial webpage.
I'm aware that there are some settings in the smart card "middleware" that would cache either the users' PIN or their certificates. These settings are currently set to not cache, and our management doesn't want to change these settings, so I've been looking into what things could be causing this behavior, and someone on another newgroup mentioned that it may be possible that some webservers have a setting that would force a re-"SSL"-authentication for each HTTPS request, but I'm not aware of a setting like this.
So, I'm wondering if there is some way to configure Apache+SSL so that this (re-authenticating) would occur with each individual HTTPS request?
Thanks in advance,
Jim
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|