Figured out the problem: Internet Explorer. I should have guessed.
In IE's security settings, the default for the Internet zone has the setting
"Don't prompt for client certificate when no certificates or only one
certificate exists" set to "Disabled". However, the default for the Local
intranet z

Thanks for your comments.
I do not think it has anything to do with a DN hostname mismatch. It is true
that your browser will give you a warning if the CN in the SSL server
certificate does not match the hostname you are requesting, but this doesn't
affect whether you are prompted for a client certi

Hello,
> I am trying to debug a problem with the browser prompting for a client
> certificate, and I used the following to see the details of the SSL
> negotiation:
>
> # openssl s_client -connect hostname:port -msg
>
> I am testing 2 different scenarios and get basically the same output
> for

The switch and load balancer do not have their own SSL server certificate.
In the browser, when I view the certificate, I can see that I am getting the
SSL certificate from the back-end server "myserver".
The switch and load balancer SHOULD be configured such that the SSL session
terminates at the