I got this working last night.
It appears the certificate was being created incorrectly that certificate authority is unwanted & that the SSL client extension is needed.
Regards
Patrick
> On Aug 30, 2017, at 4:36 PM, Patrick Dohman <patrick_dohman@centurylink.net> wrote:
>
>
>> Because they copied M$IE. This is no longer the case with the latest version of FF.
>
>
> I read this afternoon that conversion of the certificate type from PEM format to the likes of PKCS#12 allows Firefox to cope
> with a client server certificate exchange. However this config will likely break Shodan & urchin analytics.
>
> I may attempt to test this in the next release...
>
>
>> We do not trust browsers keychain management. We use their own keychain with care, and avoid linking it with system keychain.
>
> The default Apache SSL verify depth of 10 certificate authorities is often unnecessary & may exacerbate the complex knob patching Ted is attempting simplify.
>
> Regards
> Patrick
>
No comments:
Post a Comment