Hello,
I've got a problem I've been unable to resolve. Maybe somebody here has the know-how to help me? I've got a Apache+ModSSL webserver with a directory which requires clients to authenticate themselves with a certificate. Certificates (and keys) are on a smartcard. When the client requests for a file in protected directory, let's say /some_content/protected/some_file, browser asks for PIN, client enters it and gets his/her content. Now the problem: If the client uses a pinpad equipped smartcard reader, he/she will be prompted for pin for every page he requests - drivers for these devices are unable do cache pins and the ssl-session will be invalidated every time the browser requests a file outside of protected area. For technical reasons I can't require certificate based authentication for whole server - it breaks some java applets which have to load components from the server. If I do use server-wide SSLOptions +OptRenegotiate, things will somewhat improve - Mozilla-based browsers now work without eternal ssl-session renewal and the client only has to enter PIN once. However, IE6 _still_ requires PIN for every page view. So - how should I configure the server to avoid this kind of behavior? Regards, Priit ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
