Forum Discussion
Andy_4962
Nimbostratus
Feb 02, 2010
Client Certificate Request on demand
Hello group!
I cannot seem to get a client cert request to appear to the end user a second time in a single session.
For authentication purposes, I want to allow the end...
Andy_4962
Nimbostratus
Feb 02, 2010
Thanks for the reply, Aaron.
I think my issue is slightly different though. The main cause of the problem is session timeout after 42 minutes. We want to allow the user to log in again, using their client certificate, without having to close the browser and open a new connection to the site. Note that my client certs are configured in Request mode. Users can access the site without providing a cert, but when they do provide a cert, the system will log them into the application without the need for an additional user/pass.
I could test the secondary login after 42 minutes, but that is very time-consuming. Instead, I'm choosing not to log in the first time the site prompts me, and press a button to initiate Login once on the site. This should cause the BigIP to prompt the user again for a client certificate, which was not previously provided. The same code, however, does not deliver a cert prompt to the end user the second time. It simply reloads the site.
Should the SSL::renegotiate be enough to cause another client cert request? As I'm reading it, it seems that it is, but it's just not performing that way.
I also recognize that this may be a browser config or limitation, and am researching that as well.
Thanks,
Andy