I'm a little bit confused about what the client certificates all about. I have set to "IGNORE" the client certificates on my SSL Settings. But i'm worrying if its ok or not. Can someone explain to me the difference or importance/advantages of those three. and Which one is most used/advisable?
Thanks
Client certificates are used for client side authentication of an SSL connection.
Usually the default is to not request a client certificate since a server may server thousands of clients and the only way to be able to do client authentication (and would make sense) is for the server and clients to be part of the same PKI infrastructure (which practically means part of the same organization).
So unless you are asking about your browser it is ok. There is no vulnerability to fear on your side. The worse thing that could happen is that you would not be able to connect to sites that actually do client authentication
