I have a web application that uses client certificates installed on iPhones (iOS 12, iOS 13) to authenticate the users.
We have the web server set up to request optionally the certificate (because not all our clients have the certificate)
Apache is the webserver with the
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars
flags used.
As of the release of iOS 13.3, (13.2, 12 was ok) every time (for about 5 times) we respond with a 302 header safari asks for the certificate, (the user is prompted).
In the end the server seems to take it on board and stop prompting the user.
Any idea if the issue is with the certificate on the device or with the apache config?
Thanks for any help.