Is it possible to automatically select correct client side certificate?

时光取名叫无心 2021-01-21 17:22

I have configured an Apache httpd website with SSL client side certificates so that only users who have installed the correct certificate in their web browsers can access the we

3 answers
  •  清歌不尽
    2021-01-21 17:57

    The SSL (TLS) protocol only allows the server to specify two constraints on the client certificate:

    1. The type of certificate (RSA, DSA, etc.)
    2. The trusted certificate authorities (CAs) that signed the client certificate

    You can use "openssl s_client" to see which CAs your Apache server trusts for client certs. I do not know how to configure Apache to change that list (sorry), but I bet there is a way. So if you can limit the list to (say) your own organization's CA alone, then you will have done all you can to allow a Web browser to select the client cert automatically.

    As Eugene said, whether the browser actually does so is up to the particular browser.
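
The check described in the answer above, as an added example that is not part of the original post: it pulls the CA names the server advertises out of `openssl s_client` output and tests whether the list is limited to a single expected CA. The sample output and DNs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the CertificateRequest section that `openssl s_client`
# prints; not captured from a real server, the DNs are placeholders.
sample_output() {
cat <<'EOF'
---
Acceptable client certificate CA names
C = US, O = Example Org, CN = Example Org Client CA
C = US, O = Other Vendor, CN = Other Vendor Root CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
EOF
}

# Read s_client output on stdin; print one advertised CA DN per line.
advertised_cas() {
  awk '
    /^Acceptable client certificate CA names/ { in_list = 1; next }
    in_list && /^(---|Client Certificate Types|Requested Signature Algorithms|Shared Requested Signature Algorithms)/ { in_list = 0 }
    in_list && NF { print }
  '
}

# Exit 0 only if exactly the expected CA is advertised, 1 if other names are
# present (they are printed), 2 if the server sent no CA names at all.
# The DN must be written the way the local openssl version prints it.
only_expected_ca() {
  expected=$1
  cas=$(advertised_cas)
  if [ -z "$cas" ]; then
    echo "no client certificate CA names advertised"
    return 2
  fi
  extra=$(printf '%s\n' "$cas" | grep -Fxv -- "$expected" || true)
  if [ -n "$extra" ]; then
    printf 'also advertised:\n%s\n' "$extra"
    return 1
  fi
  return 0
}

# Against a live server (HOST is a placeholder):
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | only_expected_ca "<DN>"
sample_output | only_expected_ca "C = US, O = Example Org, CN = Example Org Client CA" \
  || echo "CA list is not limited to the expected CA"
```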
