• Article Type: General
• Product: MetaLib
• Product Version: 3

Description:
When accessing the MetaLib, users authenticated by IP are asked to choose an SSL certificate. How can we prevent this?

Resolution:
The SSLVerifyClient parameter was slightly changed between Apache 1.3 and 2 ; instead of numbers 0-3 the following options are available:
- none no client Certificate is required at all
- optional the client may present a valid Certificate
- require the client has to present a valid Certificate
- optional_no_ca the client may present a valid Certificate but it is not required to have a valid CA

This parameter exists in $httpd_bin/conf/ssl.conf, with the default value in the MetaLib application being "optional_no_ca" - the same as "3" in Apache 1.3 version.

You can revise this parameter setting from "SSLVerifyClient optional_no_ca" value in the ssl.conf to "SSLVerifyClient none" and see if this solves the problem.

• Article last edited: 10/8/2013