That might be a bad idea if you did it for the AA port, (but it is probably a good idea for the SSO port)
/r
----- Original Message -----
From: "Graham Bryan" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, July 24, 2008 2:26 PM
Subject: Re: shibboleth 2.0 idp/sp
If I recall correctly, to get rid of the "Choose a digital certificate" messages
when using IE7 I updated the config on my Apache server to
replace "SSLVerifyClient optional_no_ca" with "SSLVerifyClient none". Not sure
if this will help in your case but it might be worth "giving it a try".
|