Created attachment 36384 [details] Bugfix Apache does not perform a post-handshake authentication (request a client certificate) if the virtual host has the setting "SSLVerifyClient optional" and the location has the setting "SSLVerifyClient require". This happens if the browser does not provide a client certificate at SSL handshake time. Apache should ask for a certificate when the location is accessed, but instead this error is logged: SSL Library Error: error:1426811B:SSL routines:SSL_verify_client_post_handshake:invalid config The bugfix is to remove the flag SSL_VERIFY_CLIENT_ONCE (see patch).