We have noticed that, after implementing SSL support through CSS11503 w/SSL Module (moving from Apache 2.2.6 with ssl_mod), the 'certificate request' message sent by the server to the client during SSL Handshake phase does not include a list of Distinguished Names (DN) for the CA. With the previous implementation, using Apache, we saw that the server was sending this list.
Normally this allows the client browser to automatically identify suitable client certificates and present only the relevant certificates to the client. Now all certificates found on the client machine are being presented for selection. This results in a different user experience and confusion.
Has anybody come across this issue before and is there any way to ensure that the DN list is included using CSS module?