Questions tagged [client-certificates]
X.509 certificates for client authentication during TLS handshake.
1,340
questions
275
votes
9
answers
487k
views
Java HTTPS client certificate authentication
I'm fairly new to HTTPS/SSL/TLS and I'm a bit confused over what exactly the clients are supposed to present when authenticating with certificates.
I'm writing a Java client that needs to do a simple ...
- 8,740
121
votes
9
answers
124k
views
RESTful web service - how to authenticate requests from other services?
I am designing a RESTful web service that needs to be accessed by users, but also other web services and applications. All of the incoming requests need to be authenticated. All communication takes ...
- 8,570
110
votes
6
answers
237k
views
How to debug SSL handshake using cURL?
I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.
How do I debug SSL ...
- 1,143
103
votes
25
answers
189k
views
IIS 7 Error "A specified logon session does not exist. It may already have been terminated." when using https
I am trying to create Client Certificates Authentication for my asp.net Website.
In order to create client certificates, I need to create a Certificate Authority first:
makecert.exe -r -n “CN=My ...
- 3,961
70
votes
6
answers
183k
views
How to use a client certificate to authenticate and authorize in a Web API
I am trying to use a client certificate to authenticate and authorize devices using a Web API and developed a simple proof of concept to work through issues with the potential solution. I am running ...
- 17.5k
49
votes
4
answers
80k
views
HTTP error 403.16 - client certificate trust issue
I am trying to implement client certificate authentication on IIS 8. I have deployed my configuration on a development machine and verified it working as expected there. However after setting up on ...
- 900
47
votes
5
answers
21k
views
Forget which client certificate is used by Chrome for an URL
I'm using a client certificate to authenticate with HTTPS to a website.
The first time, chrome asked me which certificate I wanted to use.
However, I don't how to flush/forget this choice to choose ...
- 936
43
votes
1
answer
2k
views
Using Client certificates for Windows RT (windows 8.1/windows phone 8.1)
I am trying a new feature of windows 8.1 and windows phone 8.1 namely the certificate stores and possibility to use client certificates for client authentication on the server side. However I am ...
- 4,025
41
votes
3
answers
52k
views
Can't load /root/.rnd into RNG
I want to generate a server certificate using Windows Open SSL.
When I run this command line, it appear this error. What should I do?
Command
:
openssl req -new -x509 -days 3650 -key ca.key -out ca....
- 451
37
votes
4
answers
332k
views
Solving sslv3 alert handshake failure when trying to use a client certificate
I'm trying to connect to a service that requires a certificate for authorization. The process is that I send the service a CSR file. The service signs the CSR and sends me a certificate that I use for ...
- 17.9k
33
votes
1
answer
67k
views
How Chrome browser know which client certificate to prompt for a site?
I'm setting up certificate authentication for my project using Tomcat. It works ok for command line client such as cURL.
I have many client certificates installed in Chrome browser. Some are using to ...
- 333
32
votes
2
answers
75k
views
What is the right way to send a client certificate with every request made by the resttemplate in spring?
i want to consume a REST service with my spring application. To access that service i have a client certificate (self signed and in .jks format) for authorization.
What is the proper way to ...
- 490
28
votes
5
answers
25k
views
How safe are client SSL certificates in a mobile app?
I'd like to have secure communication between my Android/iOS app and my Internet-accessible backend service, so I'm investigating HTTPS/SSL.
If I create self-signed certificates, then put a client ...
- 29.5k
27
votes
9
answers
96k
views
Browser is not prompting for a client certificate
Background:
I am updating an internal application to a two-step authentication process. I want to add a client certificate authentication process (via a smart card) on top of a traditional username/...
- 1,360
26
votes
2
answers
80k
views
How do I create client certificates for local testing of two-way authentication over SSL?
I'm trying to set-up two-way authentication on a web app running on IIS7. The clients are going to mostly be mobile devices and in the first instance I'm trying to get a demo running using a 3rd ...
- 6,843
25
votes
1
answer
20k
views
X509Certificate2.Verify() returns false always
Facing a really strange issue X509Certificate2.Verify() returning false for a valid certificate. Maybe some has already faced this strange scenario before and can shine some light on it.
I am using ...
- 743
24
votes
4
answers
51k
views
What is a good way to deploy secret Java key stores in an OpenShift environment?
We have a Java web application that is supposed to be moved from a regular deployment model (install on a server) into an OpenShift environment (deployment as docker container). Currently this ...
- 13.5k
24
votes
3
answers
13k
views
Disable SSL client certificate on *some* WebAPI controllers?
Edit for future readers: Unfortunately, the bounty awarded answer
doesn't work; nothing I can do about that now. But read my own answer
below (through testing) - confirmed to work with minimal ...
- 13.4k
24
votes
2
answers
30k
views
Make IIS require SSL client certificate during initial handshake
I am trying to configure an IIS website to require SSL client certificates. The website is set up in both IIS 6 and 7, though I am more interested in making it work for 7. I set the require client ...
- 564
19
votes
4
answers
35k
views
Mutual certificates authentication fails with error 403.16
I'm using Windows Server 2012 and IIS 8.5. I've set SSL for the website and the SSL Settings are: Require Required and Require Client Certificates.
The client certificate that I'm sending to the ...
- 1,341
19
votes
2
answers
9k
views
What is the impact of the `PersistKeySet`-StorageFlag when importing a Certificate in C#
In my application, a Certificate for Client-Authentication is programatically added to the MY-Store using the following code:
//certData is a byte[]
//password is a SecureString
X509Certificate2 ...
- 797
18
votes
2
answers
11k
views
How to make Selenium WebDriver select client certificates dynamically without visually detecting the popup
I'm trying to use Java and Selenium to test a website that requires a client certificate.
When I browse to my site I get a popup like the one below to select the correct certificate.
My requirements ...
- 2,115
17
votes
3
answers
11k
views
https client certificate logout/relogin
I have a web site using ssl certificate authentication.
How to force the web browser from the server to ask again the certificate to be used?
It would be useable for logout, but the use case here is ...
- 1,412
17
votes
1
answer
9k
views
How to create users/groups restricted to namespace in Kubernetes using RBAC API?
Problem
I'd like to issue certs to many different developers (different subjects) all within the dev group, and have them all have access to create and modify things within the dev namespace, but not ...
- 17.8k
16
votes
2
answers
10k
views
Does IIS do the SSL certificate check or do I have to verify it?
I have a IIS set up to only accept client connections with a SSL certificate. I have a WCF service running on IIS. I have a Certification Authority in the servers trusted CAs.
Now, when a client ...
- 3,057
16
votes
6
answers
69k
views
ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome
I've got a web site that uses SSL Client certificate authorization.
All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the ...
- 353
16
votes
3
answers
17k
views
iOS Client Certificates and Mobile Device Management
Our customers want to use an MDM (mobile device management) solution (MobileIron) to install client certificates onto corporate iOS devices, in order to limit access to certain corporate web services ...
- 10.3k
16
votes
4
answers
17k
views
Client certificate not getting added to the request (Certificate Verify)
I'm trying to do a simple GET request to an external production server with a client certificate.
They have added our certificate to their server, and I have successfully made requests through Postman ...
- 6,529
16
votes
1
answer
10k
views
Validating client certificates in PyOpenSSL
I'm writing an app that requires a cert to be installed in the client browser. I've found this in the PyOpenSSL docs for the "Context" object but I can't see anything about how the callback is ...
- 3,285
16
votes
1
answer
6k
views
Microsoft HTTP Server API - using SSL, how to demand client certificate?
I'm currently implementing a small HTTP server using Microsoft HTTP Server API Version 2.0
(http://msdn.microsoft.com/en-us/library/windows/desktop/aa364510(v=vs.85).aspx).
I need to enable HTTPS on ...
- 161
15
votes
3
answers
123k
views
Getting "The remote certificate is invalid according to the validation procedure" when SMTP server has a valid certificate
This seems a common error but while I've found a work-around (see below) I can't pin down the reason I'm getting it in the first place.
I am writing SMTP functionality into our application and I'm ...
- 659
15
votes
2
answers
56k
views
Google Chrome Client Certificate Popup
I'm implementing a mutual authentication for my client in order to solve not having to continually whitelist some of the agencies with a dynamic ip. The process works fine in all browsers that I've ...
- 318
15
votes
2
answers
16k
views
What is the purpose of creating a login from a certificate?
SQL Server provides the option to create a login from a certificate. E.g.
USE MASTER;
CREATE CERTIFICATE <certificateName>
WITH SUBJECT = '<loginName> certificate in master database',
...
- 14.7k
14
votes
2
answers
44k
views
How can I set the certificates in CURL
In order to get a successful response I am using curl --cacert <path of ca.pem> ... but how can i set the path of ca.pem in a configuration file in mac in order to not specify the path of the ...
- 2,163
14
votes
2
answers
7k
views
OnCertificateValidated not running - Self-Signed Certificate Client Authentication - ASP.NET Core and Kestrel
I would like to authenticate clients connecting to my ASP.NET Core Web API (.NET 5) running on Kestrel using certificate-based authentication.
In my Startup.cs I have the following in ...
14
votes
3
answers
13k
views
Android WebView handle onReceivedClientCertRequest
I'm developing an Android app using Client Certificate Authentication within WebView. The certificate (cert.pfx) and password are embedded in the application.
When executing Client Certificate ...
- 581
14
votes
5
answers
20k
views
Swift iOS Client Certificate Authentication
The web service I want to consume requires a client certificate. How can I send my certificate to it?
To further elaborate I don't understand how to create the SecIdentityRef.
In my NSURLConnection ...
- 198
14
votes
2
answers
16k
views
.Net SslStream with Client Certificate
I'm having no luck getting client certificates working with my SslStream project. No matter what I do, I can't get it to actually use the client certificate, despite the fact that all certificates are ...
- 739
13
votes
1
answer
19k
views
aiohttp and client-side SSL certificates
I recently moved off from flask + requests onto aiohttp and its async http client.
In my scenario, I need to make a call to an API over HTTPS (with custom certificates) AND send a client-side ...
- 292
13
votes
1
answer
25k
views
Prevent browser from prompting for client certificate for IIS app
We have an application deployed to IIS and every time we connect to it, we get the following browser prompt:
Select a certificate to authenticate yourself to sitename
We do not have a reason to ...
- 34.7k
13
votes
1
answer
11k
views
How do client certificates work?
I am working with a REST service provider and they want me to use a client certificate provided by them when making HTTP call.
How does a client cert achieve authentication?
If someone has a copy of ...
- 817
12
votes
2
answers
23k
views
Using CLIENT-CERT for Tomcat without specifying a username
I am trying to make a Tomcat web application use client certificate authentication for incoming connections. Everything works fine when using clientAuth=true in server.xml, however due to other ...
- 421
12
votes
2
answers
4k
views
OS X: Git with client certificates rejected
We access our Git server with client certificates by adding the following lines to ~/.gitconfig
[http]
sslCAInfo = /path/to/git-ca.crt
sslCert = /path/to/git-client.crt
sslKey ...
- 6,156
12
votes
1
answer
3k
views
How does Kafka specify key alias for Client Authentication?
I've seen many places that show enabling Kafka client authentication using the same example code as here:
https://www.cloudera.com/documentation/kafka/latest/topics/kafka_security.html#...
- 2,195
11
votes
1
answer
2k
views
Bug in iOS 9 when using client SSL certs and generating HTTP 403 errors
I think we just discovered a bug on iOS 9 (version as of Oct 23rd 2015) when using client SSL certs to talk to a backend API. In common with a lot of REST services, our API generates 4xx error codes ...
- 1,406
11
votes
2
answers
7k
views
Custom nginx error page for "The SSL certificate error"
If the customer will choose the expired certificate, the nginx server will show the built-in error page.
<html>
<head><title>400 The SSL certificate error</title></head>
...
- 121
11
votes
3
answers
16k
views
Clear SSL client certificate state from JavaScript
I'm using client certificates in SSL sessions to authenticate users, but I'm having a bit of a problem with cached sessions. (I have configured IIS to accept—not require—client ...
- 785
11
votes
1
answer
5k
views
WCF - Is a service certificate needed to authenticate clients?
I think there's a gap in my mental model of WCF authentication, hoping someone can help me fill it in.
So, I'm creating a WCF service and would like to have clients authenticate using certificates, ...
- 868
11
votes
2
answers
3k
views
Clear ssl client certificate state from javascript in firefox 33.0.2 (removed Proprietary window.crypto)
I'm looking for a way to clear the SSL client certificate cache in Firefox as a kind of "log out" functionality so that the server does not recognize me anymore via the client certificate the next ...
- 111
11
votes
0
answers
673
views
C#: How to invoke a SOAP service requiring client-side authentication with certificates installed at runtime
I have an application deployed to IIS that needs to invoke a SOAP service. It's using WCF from .NET Framework. That SOAP service requires that requests made be authenticated with a client-side ...
- 111