>>>>> "Philipp" == Philipp Kern <p...@philkern.de> writes:
Philipp> I'm told it was broken by the upgrade of Apache - apparently it
can no
Philipp> longer do per path client certificate authentication. There is a
Philipp> pending RT ticket from DSA to fix that but I don't think there is
Philipp> anything I can do at the moment - except turn on SSO for the whole
Philipp> vhost. Maybe that could even be a workaround for now and we could
Philipp> check if someone is annoyed by that. :)
TLS dropped the facilities necessary to do that.
Ultimately you'll need a vhost for stuff that requires client certs and
other vhosts that do not.
The user experience of having a site request client certs when you don't
have one to give is really bad in some browsers.
Client certs really kind of are the unloved step child of web
authentication.
