
I have seen some service providers that use certificates for client authentication, so that any browser without the certificate will be rejected. However, the browsers with trusted certificates could access their portals without login. How exactly can I do a similar setup on the server side?

Thomas G. Lau
  • I'm not sure what the question is here, i.e. how to configure a server (which server) to require client certificate based authentication, how to create client certificates, how to secure server to server communication with client certificates, how to replace existing authentication with client certificates in a specific unknown application... I'm pretty sure that there is already plenty of information out there for any of these questions, but you need to be more clear in what you are asking to find it. – Steffen Ullrich Sep 10 '22 at 10:15
  • Related: https://security.stackexchange.com/questions/251826/can-mutual-tls-work-with-a-self-signed-client-certificate https://security.stackexchange.com/questions/256969/when-using-certificates-as-authentication-what-identities-the-who-part – mti2935 Sep 10 '22 at 11:19
  • It is in the TLS standard, including [TLS 1.3](https://www.rfc-editor.org/rfc/rfc8446#section-4.3.2). There are a lot of web servers supporting this, e.g. [nginx](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate), [Apache httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html#accesscontrol), etc. – mforsetti Sep 28 '22 at 16:41
  • Which server software exactly are you talking about? E.g. Apache HTTPd and Nginx both have this feature, but the configuration is of course different (and directly described in their respective documentation, and also answered and explained here many times; search for *client certificate authentication*). – Nikita Kipriyanov Sep 28 '22 at 18:22

0 Answers