Questions tagged [client-certificates]

X.509 certificates for client authentication during TLS handshake.

Client certificates are X.509 certificates used for TLS/SSL connections. In conjunction with , they allow clients to identify during TLS handshake, thus ensuring two-way authentication.

Client certificates are verified against one or more CA certificate(s) stored on the server.

1304 questions
272
votes
9 answers

Java HTTPS client certificate authentication

I'm fairly new to HTTPS/SSL/TLS and I'm a bit confused over what exactly the clients are supposed to present when authenticating with certificates. I'm writing a Java client that needs to do a simple POST of data to a particular URL. That part works…
tmbrggmn
  • 8,680
  • 10
  • 35
  • 44
119
votes
9 answers

RESTful web service - how to authenticate requests from other services?

I am designing a RESTful web service that needs to be accessed by users, but also other web services and applications. All of the incoming requests need to be authenticated. All communication takes place over HTTPS. User authentication is going to…
103
votes
6 answers

How to debug SSL handshake using cURL?

I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send. How do I debug SSL handshake, preferably with cURL?
Bajo
  • 1,073
  • 2
  • 8
  • 5
96
votes
24 answers

IIS 7 Error "A specified logon session does not exist. It may already have been terminated." when using https

I am trying to create Client Certificates Authentication for my asp.net Website. In order to create client certificates, I need to create a Certificate Authority first: makecert.exe -r -n “CN=My Personal CA” -pe -sv MyPersonalCA.pvk -a sha1 -len…
enb081
  • 3,831
  • 11
  • 43
  • 66
70
votes
6 answers

How to use a client certificate to authenticate and authorize in a Web API

I am trying to use a client certificate to authenticate and authorize devices using a Web API and developed a simple proof of concept to work through issues with the potential solution. I am running into an issue where the client certificate is not…
48
votes
4 answers

HTTP error 403.16 - client certificate trust issue

I am trying to implement client certificate authentication on IIS 8. I have deployed my configuration on a development machine and verified it working as expected there. However after setting up on the server, whenever I navigate to the site and am…
Eric
  • 890
  • 1
  • 7
  • 9
43
votes
4 answers

Forget which client certificate is used by Chrome for an URL

I'm using a client certificate to authenticate with HTTPS to a website. The first time, chrome asked me which certificate I wanted to use. However, I don't how to flush/forget this choice to choose another certificate. Chrome remembers it and I…
Alexandre Duros
  • 826
  • 1
  • 7
  • 9
43
votes
1 answer

Using Client certificates for Windows RT (windows 8.1/windows phone 8.1)

I am trying a new feature of windows 8.1 and windows phone 8.1 namely the certificate stores and possibility to use client certificates for client authentication on the server side. However I am having problems with this functionality. I have a…
38
votes
3 answers

Can't load /root/.rnd into RNG

I want to generate a server certificate using Windows Open SSL. When I run this command line, it appear this error. What should I do? Command : openssl req -new -x509 -days 3650 -key ca.key -out ca.crt Error: Can't load ./.rnd into RNG…
Asma
  • 421
  • 1
  • 4
  • 6
32
votes
1 answer

How Chrome browser know which client certificate to prompt for a site?

I'm setting up certificate authentication for my project using Tomcat. It works ok for command line client such as cURL. I have many client certificates installed in Chrome browser. Some are using to connect to my site, others are used for different…
System
  • 323
  • 1
  • 3
  • 4
32
votes
4 answers

Solving sslv3 alert handshake failure when trying to use a client certificate

I'm trying to connect to a service that requires a certificate for authorization. The process is that I send the service a CSR file. The service signs the CSR and sends me a certificate that I use for connection. I generated the CSR by the…
Karem
  • 17,615
  • 72
  • 178
  • 278
31
votes
2 answers

What is the right way to send a client certificate with every request made by the resttemplate in spring?

i want to consume a REST service with my spring application. To access that service i have a client certificate (self signed and in .jks format) for authorization. What is the proper way to authenticate against the rest service? This is my…
28
votes
5 answers

How safe are client SSL certificates in a mobile app?

I'd like to have secure communication between my Android/iOS app and my Internet-accessible backend service, so I'm investigating HTTPS/SSL. If I create self-signed certificates, then put a client certificate in the app and cause the backend service…
Jacob Marble
  • 28,555
  • 22
  • 67
  • 78
27
votes
8 answers

Browser is not prompting for a client certificate

Background: I am updating an internal application to a two-step authentication process. I want to add a client certificate authentication process (via a smart card) on top of a traditional username/password form. The application is written in C#,…
26
votes
2 answers

How do I create client certificates for local testing of two-way authentication over SSL?

I'm trying to set-up two-way authentication on a web app running on IIS7. The clients are going to mostly be mobile devices and in the first instance I'm trying to get a demo running using a 3rd generation iPad. I thought I'd start with getting it…
immutabl
  • 6,857
  • 13
  • 45
  • 76
1
2 3
86 87