Why doesn't client.certificate.requested evaluate correctly?

book

Article ID: 167533

calendar_today

Updated On:

Products

Asset Management Solution ProxySG Software - SGOS

Issue/Introduction

Users might report experiencing dropped connections. You might also notice that transactions do not match the client.certificate.requested condition.

This may occur if you have configured the Client Certificate Requested list to add servers that request client certificates.

Because an entry is added to the Client Certificate Requested list only after a web server requests a client certificate during renegotiation, the client.certificate.requested condition evaluates to false under the following circumstances:

  •  The user is the first to access the requesting server.
  •  The user is connecting to a server whose entry was removed from the list after the maximum number of entries was exceeded. In this case, the server is added to the list and the least recently used entry is removed.
  •  The list was cleared manually or after a reboot. In this case, all requesting servers are added as they are encountered.

For information on configuring the Client Certificate Requested list, see the Command Line Interface Reference.