Draft client-auth how-to for RE / App admins
I have described the PHP client responsibility of the Account Services Module in assembling the certs &c. for use in making a service call on the BSP. That documentation is in the last section of the Configure Apache Web Server for Client Auth wiki page.
We've decided to close since we have a work-around (leave email field blank when generating self-signed certificates).
Keith: I think that if we document that we will not resolve and include a note explicitly instructing that e-mail address NOT be included when generating certs (or 'include at your own peril'), that is sufficient.
I will take on those steps.
The question of why the inclusion of an email in certificates for client auth causes problems has not been answered. However, the workaround of leaving off the email field during the generation of the certificate has no significant downside, and the instructions on generating certificates for client authentication has been updated accordingly. Does this mean we have an acceptable resolution of IAM-103?