Draft client-auth how-to for RE / App admins






April 24, 2013, 9:57 PM

I have described the PHP client responsibility of the Account Services Module in assembling the certs &c. for use in making a service call on the BSP. That documentation is in the last section of the Configure Apache Web Server for Client Auth wiki page.

Keith Hazelton
April 24, 2013, 7:26 PM

We've decided to close since we have a work-around (leave email field blank when generating self-signed certificates).

April 22, 2013, 9:23 PM

I have now resolved (marked Won't Fix) and added a warning note to Configure Apache Web Server for Client Auth documentation wiki page.

Further notes on resolution of this issue & completion of the Configure Apache Web Server... page are on KeithH Documentation Pages.

April 22, 2013, 9:16 PM

Keith: I think that if we document that we will not resolve and include a note explicitly instructing that e-mail address NOT be included when generating certs (or 'include at your own peril'), that is sufficient.

I will take on those steps.

Keith Hazelton
April 22, 2013, 6:50 PM

The question of why the inclusion of an email in certificates for client auth causes problems has not been answered. However, the workaround of leaving off the email field during the generation of the certificate has no significant downside, and the instructions on generating certificates for client authentication has been updated accordingly. Does this mean we have an acceptable resolution of IAM-103?

Your pinned fields
Click on the next to a field label to start pinning.


Keith Hazelton


Keith Hazelton