diff --git a/README.md b/README.md index 4b3c5c8d6..d5c6a34f3 100644 --- a/README.md +++ b/README.md @@ -195,10 +195,12 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow # Uncomment in Apache 2.4 # SSLCARevocationCheck chain - RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_S_DN_CN "" + RequestHeader set SSL_CLIENT_CERT "" SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" @@ -276,10 +278,12 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll # Uncomment in Apache 2.4 # SSLCARevocationCheck chain - RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_S_DN_CN "" + RequestHeader set SSL_CLIENT_CERT "" SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" @@ -312,6 +316,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "" + RequestHeader set SSL_CLIENT_CERT "" Allow from none @@ -322,6 +327,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp Allow from all SSLVerifyClient require RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" ``` @@ -346,6 +352,7 @@ Be sure to update paths to match your system configuration. # SSLCARevocationCheck chain RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" + RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" EPPEngine On EPPCommandRoot /proxy/command diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index ad389e0c5..a630c7aac 100644 --- a/app/controllers/registrar/sessions_controller.rb 
+++ b/app/controllers/registrar/sessions_controller.rb @@ -27,6 +27,7 @@ class Registrar::SessionsController < Devise::SessionsController @depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required) end + logger.error request.env['SSL_CLIENT_CERT'] if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag] @depp_user.errors.add(:base, :invalid_cert) end diff --git a/config/schedule.rb b/config/schedule.rb index 7c5052c31..b1ad5a403 100644 --- a/config/schedule.rb +++ b/config/schedule.rb @@ -24,6 +24,6 @@ every :day, at: '12:10pm' do runner 'Invoice.cancel_overdue_invoices' end -every 6.hours do +every 3.hours do runner 'Certificate.update_crl' end
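Review bot: The added `logger.error request.env['SSL_CLIENT_CERT']` in the sessions_controller.rb hunk runs unconditionally, ahead of the PKI check, so every login request writes the client certificate (or an empty entry) to the log at error level. It reads like a debugging leftover and could bury genuine errors. It also reads the `SSL_CLIENT_CERT` key, while the check on the next line reads the proxied header as `HTTP_SSL_CLIENT_S_DN_CN`; if the certificate only arrives through the `RequestHeader` directive this commit adds to the README, the value logged here is probably nil. I would drop the line, or change it to `logger.debug request.env['HTTP_SSL_CLIENT_CERT']` if the value is still needed for troubleshooting. Nothing visible in this hunk compares the forwarded certificate with one registered for the user, so the decision still rests on the CN string alone; the method continues outside the hunk, so that comparison may live elsewhere.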