I got this working last night. It appears the certificate was being created incorrectly that certificate authority is unwanted & that the SSL client extension is needed. Regards Patrick
> On Aug 30, 2017, at 4:36 PM, Patrick Dohman <patrick_doh...@centurylink.net> > wrote: > > >> Because they copied M$IE. This is no longer the case with the latest version >> of FF. > > > I read this afternoon that conversion of the certificate type from PEM format > to the likes of PKCS#12 allows Firefox to cope > with a client server certificate exchange. However this config will likely > break Shodan & urchin analytics. > > I may attempt to test this in the next release... > > >> We do not trust browsers keychain management. We use their own keychain with >> care, and avoid linking it with system keychain. > > The default Apache SSL verify depth of 10 certificate authorities is often > unnecessary & may exacerbate the complex knob patching Ted is attempting > simplify. > > Regards > Patrick >
