13

I want to make a XHR call to a REST service using the ajax() function of jQuery. Basically, this works fine, but the REST service is only accessible by https, and requires the client to authenticate using a client certificate.

How do I send a client certificate using jQuery's ajax() function?

Golo Roden
  • 140,679
  • 96
  • 298
  • 425
  • Did you seen this already?:http://stackoverflow.com/questions/6418620/jquery-ajax-and-ssl or http://stackoverflow.com/questions/2604399/is-there-a-way-to-get-ssl-certificate-details-using-javascript Maybe it helps. – Martina Kraus Jan 28 '13 at 18:14
  • 1
    No, I didn't see them, but the first link doesn't deal with certificates at all, and unfortunately the second is only about server-side certificates - but what I need are client-side certificates. – Golo Roden Jan 28 '13 at 18:50
  • Not possible based on this question: http://stackoverflow.com/questions/9654306/send-client-certificate-using-xhr – mccannf Jan 28 '13 at 23:49
  • @Simon Thanks man :-)! If you convert your comment to an answer I will upvote and accept it. – Golo Roden Jan 31 '13 at 13:30

2 Answers2

14

Client-certificate authentication is (a) only performed upon request by the server and (b) done transparently by the browser, as far as the HTTP and JavaScript layers are concerned.

When the server requests a client certificate (which may entail a re-negotiation following an HTTP request), the browser should offer a pop-up to select a certificate (which is browser-dependent and not under any JavaScript or HTML control) or select one automatically depending on its settings.

As such, it's not up to jQuery's ajax() function to do anything about the client certificate.

Off the top of my head, I'm not sure whether the browser will trigger the client-certificate selection pop-up if it only occurs at first during that AJAX call (this is likely to be browser dependent). However, if the client-certificate selection has already been made (or if the choice is automatic), the browser will use it for authentication, as it would for any other normal request.

Bruno
  • 119,590
  • 31
  • 270
  • 376
  • _However, if the client-certificate selection has already been made (or if the choice is automatic), the browser will use it for authentication, as it would for any other normal request._ And that's what I meant with _ssl authentication not possible within an ajax call_ – Simon Feb 01 '13 at 08:34
  • 1
    @Simon, ah OK, what I said doesn't mean authentication isn't possible. It does take place, the choice is just not under the control of any JavaScript function. – Bruno Feb 01 '13 at 10:14
  • _the choice is just not under the control of any JavaScript function._ exactly. – Simon Feb 01 '13 at 10:37
4

It's possible to make ssl ajax calls if the request source and target are in the same domain and using https: Securing AJAX & SSL. But you can't make an ssl authentication within your ajax call.

Community
  • 1
  • 1
Simon
  • 7,182
  • 2
  • 26
  • 42
  • "*But you can't make an ssl authentication within your ajax call.*". Why not? What kind of authentication are you talking about? – Bruno Jan 31 '13 at 18:46