ISAM for Web – WebSEAL – Firefox doesn’t ask for client certificate

Just spent a while troubleshooting why my browser wouldn’t ask me for the client certificate even when I went to a certificate protected webseal instance. After a while, I worked it out, and thought I’d make a note of it here. Title Note: It was actually happening on both Firefox AND Internet Explorer.


  • forms-auth = https
  • require-client-cert = optional
  • Client certificate mapping rule defined from here.

Everytime I accessed the page, both Firefox and Internet Explorer would just display the login page:


After checking and rechecking what I had done to configure client – authentication (it’s really pretty simple after all) I was scratching my head. Turns out, I hadn’t deployed the change from adding the CA certificate into the SSL Certificate keystore pdsrv.kdb.

Once I had deployed that, Firefox was my friend again!


So it would seem that when asking for client authentication, WebSEAL will tell your browser which CA’s it will accept certificates from, and therefore your browser will only offer a cert in the event it has one that matches.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Up ↑

%d bloggers like this: