I would like to secure a web server with SSL; so far no problem. But I am more interested in the authentication. I want users to be able to log in using certificates. If a user has no valid certificate, he gets redirected to a login/passwd page. But SSL keeps fooling me.

I tried to play around with some settings for my apache2 web server (SSL is active and all paths (to certs and keys) are set correctly):

1. SSLVerifyClient REQUIRE

Every browser is forced to hand a client certificate to my web server. Sounds good, but it's not what I want. This way a user without a certificate can't access the website at all.

2. SSLVerifyClient NONE

No client certificates required. This means a user with a valid certificate has to use the login/passwd page -> BAD.

3. SSLVerifyClient OPTIONAL

I am not able to make the most commonly used browsers send a client certificate to my web server. For example, I found no way with Firefox to ask the user if he wants to send a certificate.

There has to be a solution out there somewhere with the desired functionality. I am thankful for any help I can get.

Stefan Wagner
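
An added example, not part of the post above: on Apache 2.4, mod_ssl's `Require ssl-verify-client` provider can be combined with `SSLVerifyClient optional` so that a verified client certificate grants access and every other visitor falls back to a password. The host name, file paths and the `/members/` location are assumptions, and the fallback shown is HTTP Basic authentication rather than a redirect to a login form.

```apache
# Added example. Assumes Apache 2.4 with mod_ssl, mod_auth_basic and
# mod_authn_file loaded. All names and paths below are placeholders.
<VirtualHost *:443>
    ServerName www.example.test

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # CA that issued the client certificates. Its name is sent to the
    # browser in the certificate request; browsers typically only offer
    # certificates issued by a CA on that list.
    SSLCACertificateFile  /etc/apache2/ssl/client-ca.crt

    # Ask for a client certificate, but complete the handshake without one.
    # A certificate that is presented and fails verification still aborts
    # the handshake (that is what separates optional from optional_no_ca).
    SSLVerifyClient optional
    SSLVerifyDepth  1

    <Location "/members/">
        # Password fallback for visitors who presented no certificate.
        AuthType Basic
        AuthName "Members"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/members.htpasswd

        # Either condition is enough: a verified client certificate,
        # or a valid user name and password.
        <RequireAny>
            Require ssl-verify-client
            Require valid-user
        </RequireAny>

        # Expose SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN etc. to CGI/SSI
        # handlers so the application can tell the two login paths apart.
        SSLOptions +StdEnvVars
    </Location>
</VirtualHost>
```

Because the Basic credentials travel with every request, keep this location reachable only over the TLS virtual host.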