问题
Can a particular web page in a web site, authonticate a web request using client side SSL certificate, while others don't?
回答1:
It's possible using SSL/TLS renegotiation. The way to configure it depends on the server you're using (and whether it supports it).
Note that, at the end of last year (October/November 2009), an SSL/TLS protocol flaw was discovered regarding this feature. SSL/TLS stacks that support renegotiation based on code before that will be vulnerable to the attack. Most libraries did an emergency security update where they disable renegotiation altogether (therefore removing the client-certificate renegotiation). In February 2010, RFC 5746 was published with a fix to this problem, but not all stacks implement it yet.
回答2:
I believe the most common way to secure a single page is to put it in a subfolder that is SSL-secured.
This article may help: http://www.leastprivilege.com/PartiallySSLSecuredWebAppsWithASPNET.aspx
来源:https://stackoverflow.com/questions/3257107/client-side-ssl-certificate-for-a-specific-web-page