Chrome doesn't prompt to use a local certificate after setting up client certificate authentication on Apache
Chrome doesn't support post-handshake authentication, that is, renegotiating SSL and sending a client certificate when the connection is already established, because (from the Chrome bug report page):
Post-handshake authentication has a mess of security, semantics, and DoS issues. (...) Some spec work is needed to make it defined in HTTP/1.1 at all and, more importantly, explicitly undefined in HTTP/2 in favor of a multiplexing-friendly solution (...)
In Firefox, you can turn it on, but it is not enabled by default, for the same reasons Chrome does not implement it.
You can check the bug reports (Firefox, Chrome) for additional info.
I think what you can do is to set the SSLVerifyClient to optional, move it to the VirtualHost level (with any SSL* directives, so the certificate will be requested during handshake), and require the presence of a certificate in the .htaccess file like this:
AuthName "Admin resource"
AuthType Basic
Require ssl-verify-client
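
The server-side half of the setup described above, as an added example that is not part of the original answer: a per-directory `SSLVerifyClient` (the form that forces a certificate request after the handshake) shown commented out, next to the VirtualHost-level form. The hostname, file paths, `SSLVerifyDepth` value and `AllowOverride` setting are assumptions for illustration.

```apache
# Added illustration; hostname and file paths are placeholders (assumptions).

# Before: client verification configured per directory. The TLS handshake
# completes without a certificate request, so mod_ssl has to ask for the
# certificate after it has read the HTTP request (renegotiation, or
# post-handshake authentication on TLS 1.3), which Chrome does not do.
#
# <Directory "/var/www/example/admin">
#     SSLVerifyClient require
# </Directory>

# After: the certificate is requested during the initial handshake.
<VirtualHost *:443>
    ServerName admin.example.com
    DocumentRoot "/var/www/example"

    SSLEngine on
    SSLCertificateFile    "/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

    # CA that issued the client certificates (assumed single-level chain).
    SSLCACertificateFile  "/etc/apache2/ssl/client-ca.crt"
    SSLVerifyClient optional
    SSLVerifyDepth  1

    <Directory "/var/www/example/admin">
        # Allow the .htaccess file in this directory to use
        # AuthName, AuthType and Require.
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
```

With `optional`, a connection without a certificate still completes the handshake and is then refused by `Require ssl-verify-client` only for the protected directory. To confirm the request is made during the handshake, `openssl s_client -connect admin.example.com:443` should list "Acceptable client certificate CA names" in its output.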