
How to remove SSL client certificate caching on an SAP server?

Former Member
0 Kudos

We have a secure HTTPS application that passes client-side SSL certificates to the server for authentication purposes.

The clients are iOS and Blackberry devices.

The first time the user connects, they are able to carry out their required actions and everything works fine.

If the client waits a short time (e.g. 2 minutes) and tries to perform another action, it looks like their user session tries to be resumed, so the client certificate tries to get loaded from the cache on the SAP server - this causes the certificate to not be found and the client authentication gets rejected.

This is the error from the SAP ICM Trace file:

[Thr 136] Thu Jan 17 10:51:46 2013
[Thr 136] <<- SapSSLSessionStart(sssl_hdl=000000001CB5F150)==SAP_O_K
[Thr 136] status = "resumed SSL session, NO client cert"

The application is stateless, so session IDs and session persistence should not be required.

Therefore, please can you tell me how I can force the client certificates to not be cached, but to be required on every new connection attempt?
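
A triage sketch for the ICM trace excerpt quoted above, added here as an example and not part of the original post or of any SAP tool: it pairs each SapSSLSessionStart line with the status line of the same thread and lists the handshakes that resumed a session without a client certificate. The first three lines of SAMPLE_TRACE are the excerpt from the post; the remaining lines are constructed, and the wording of the second status string is an assumption.

```python
import re
from datetime import datetime

# First three lines: excerpt from the post. The rest is constructed sample
# data; the "new SSL session, received client cert" wording is an assumption.
SAMPLE_TRACE = '''\
[Thr 136] Thu Jan 17 10:51:46 2013
[Thr 136] <<- SapSSLSessionStart(sssl_hdl=000000001CB5F150)==SAP_O_K
[Thr 136] status = "resumed SSL session, NO client cert"
[Thr 140] Thu Jan 17 10:53:02 2013
[Thr 140] <<- SapSSLSessionStart(sssl_hdl=000000001CB60000)==SAP_O_K
[Thr 140] status = "new SSL session, received client cert"
'''

LINE = re.compile(r'^\[Thr (\d+)\]\s+(.*)$')
START = re.compile(r'SapSSLSessionStart\(sssl_hdl=([0-9A-Fa-f]+)\)==(\w+)')
STATUS = re.compile(r'status\s*=\s*"([^"]*)"')
STAMP_FMT = '%a %b %d %H:%M:%S %Y'

def parse_handshakes(trace):
    """Return one dict per SapSSLSessionStart, tracked per worker thread."""
    last_stamp, pending, done = {}, {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        thr, body = int(m.group(1)), m.group(2)
        try:  # a bare timestamp line sets the clock for this thread
            last_stamp[thr] = datetime.strptime(body, STAMP_FMT)
            continue
        except ValueError:
            pass
        if (s := START.search(body)):
            pending[thr] = {'thread': thr, 'time': last_stamp.get(thr),
                            'handle': s.group(1), 'rc': s.group(2), 'status': None}
            done.append(pending[thr])
        elif (s := STATUS.search(body)) and thr in pending:
            # attach the status to the open handshake of the same thread
            pending.pop(thr)['status'] = s.group(1)
    return done

def resumed_without_cert(handshakes):
    """Handshakes whose status matches the failure quoted in the post."""
    return [h for h in handshakes if h['status']
            and 'resumed SSL session' in h['status']
            and 'NO client cert' in h['status']]

if __name__ == '__main__':
    for h in resumed_without_cert(parse_handshakes(SAMPLE_TRACE)):
        print(h['time'], 'thread', h['thread'], 'handle', h['handle'], h['status'])
```

Running it over the trace before and after a configuration change shows whether the resumed-without-certificate handshakes have stopped.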

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

It's a limitation of the client, not of SAP. See SAP note 943248 for details. You could confirm the assumption by trying to reproduce the problem with a client capable of SSL session caching, such as Firefox.

You could try to see if increasing the keepalive setting in the ICM of your AS ABAP avoids the problem.

https://service.sap.com/sap/support/notes/943248

Former Member
0 Kudos

Thanks for the helpful reply. We are still investigating. I'll update this message when we've resolved the issue.