For example, to display only client certificates that also have a purpose of Server Authentication, enter the OID 1.3.6.1.5.5.7.3.1. When the GlobalProtect app finds only one client certificate that matches the secondary purpose, GlobalProtect automatically selects and authenticates using that certificate.
"Unable to configure verify locations for client Aug 12, 2010 ssl - httpd not starting after installing certificate [Sat Jul 27 06:35:00 2013] [error] Unable to configure verify locations for client authentication [Sat Jul 27 06:35:00 2013] [error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long [Sat Jul 27 06:36:55 2013] [error] Server should be SSL-aware but has no certificate configured [Hint
Configuring Strong Authenticators with Universal
Regarding your additional questions: 1) A client-side certificate is for use in specific circumstances, as opposed to just being 'good configuration'. You could issue clients with certificates to verify the machine that is connecting, or to verify specific users (a second factor of authentication). 2) NTLM is a challenge response protocol. KB9428 - If users are unable to authenticate, verify that
Guide to Remote repository access through authenticated HTTPS. This document describes how to configure Maven to access a remote repository that sits behind an HTTPS server which requires client authentication with certificates.
Aug 12, 2010 ssl - httpd not starting after installing certificate [Sat Jul 27 06:35:00 2013] [error] Unable to configure verify locations for client authentication [Sat Jul 27 06:35:00 2013] [error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long [Sat Jul 27 06:36:55 2013] [error] Server should be SSL-aware but has no certificate configured [Hint Failed to start Apache Server after configuring Client This is the location of the certificate for the CA. To note: The certificate of the client is inside the folder /etc/pki/CA/certs. I am not sure if this causes any problem when configuring the Client Authentication. (Update: Edit 1) Removed the "#" on the directive "SSLVerifyClient require".