> The use of "required" certificates is preferred because most browsers
> won't send a certificate when it is specified as "optional".
My client-cert browser experience includes IE v5.01-6, NS 4.7n, and the
latest Netscape and Mozilla, your userbase may vary.
In these browsers, irrespective of
I've been researching what it would take to write an mp2 +
Apache::AuthCookie based login system using optional client
certificates. Before I start wrangling the code, I'd like to do a sanity
check. Here's what I'm planning:
Unauthenticated users trying to access protected content are redirected
t