API calls made from browsers can display a certificate selection dialog.

Document ID : KB000045559
Last Modified Date : 14/02/2018

Summary: 

A browser making API calls over HTTPS can be asked to choose a certificate to authenticate itself with, even though the resource/policy itself does not use mutual SSL authentication. This can confuse end users who are unsure why a certificate choice is requested and which one should be selected.

Background:  

During the SSL handshake, before the policy is resolved, the client can be asked for a certificate. If the client is a browser and its keystore contains more than one certificate, a dialog is displayed asking the user to choose which certificate is applicable.

Environment:  

HTTPS API calls made from a browser.

Instructions: 

In Policy Manager, open 'Tasks -> Manage listen ports', select the SSL port in question and navigate to the 'SSL/TLS Settings' tab. If Client Authentication is set to optional or required, a certificate will be requested during the SSL handshake, which might result in a dialog being displayed. To stop the request, set Client Authentication to none.

Additional Information:

If policies require certificate-based client authentication, setting the value to none will cause them to fail. Consider running mutual authentication policies on a separate port.
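
To confirm from a packet capture whether a listen port still asks for a client certificate, the following added example (not part of the original article or of the product) parses the raw bytes of a server's plaintext TLS 1.2 handshake flight and reports whether it contains a CertificateRequest, the message that leads to the browser dialog. The sample flights and helper names are constructed for illustration; in TLS 1.3 this message is encrypted and cannot be observed this way.

```python
import struct

HANDSHAKE = 22            # TLS record content type for handshake messages
CERTIFICATE_REQUEST = 13  # handshake message type, RFC 5246 section 7.4.4

def handshake_types(stream):
    """List handshake message types in a plaintext TLS 1.2 server flight."""
    payload, pos = bytearray(), 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE:
            break  # ChangeCipherSpec, alert or encrypted data: stop here
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record")
        payload += body  # a handshake message may span several records
        pos += 5 + length
    types, off = [], 0
    while off + 4 <= len(payload):
        msg_len = int.from_bytes(payload[off + 1:off + 4], "big")
        if off + 4 + msg_len > len(payload):
            raise ValueError("truncated handshake message")
        types.append(payload[off])
        off += 4 + msg_len
    return types

def requests_client_cert(stream):
    # True for both "optional" and "required": the CertificateRequest is the
    # same, the settings differ only in how the server treats an empty reply.
    return CERTIFICATE_REQUEST in handshake_types(stream)

# --- Constructed sample flights (filler bodies, not captured traffic) ---
def sample_msg(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def sample_record(payload):
    return struct.pack("!BHH", HANDSHAKE, 0x0303, len(payload)) + payload

HELLO_AND_CERT = sample_msg(2, b"\x00" * 38) + sample_msg(11, b"\x00" * 16)
FLIGHT_AUTH_NONE = sample_record(HELLO_AND_CERT + sample_msg(14))
FLIGHT_AUTH_OPTIONAL = sample_record(HELLO_AND_CERT) + sample_record(
    sample_msg(13, b"\x01\x01\x00\x00\x00\x00") + sample_msg(14))

if __name__ == "__main__":
    for name, flight in [("none", FLIGHT_AUTH_NONE),
                         ("optional/required", FLIGHT_AUTH_OPTIONAL)]:
        print(name, handshake_types(flight), requests_client_cert(flight))
```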