5

We're thinking of improving the authentication of some critical webpages with client certificates, but we're not sure whether it's a widely used standard.

Are SSL Client Certificates well supported by all major browsers? In particular, do they work on the following browsers?

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari (Mac and iOS)
  • Android Web Browser

(We use Apache on the servers, if that matters)

netvope
  • 2,123
  • 5
  • 25
  • 35

2 Answers2

3

I don't have a way of testing all of this, but this site came up on google with instructions for installing PKCS#12 certificate/key pairs in a number of different situations, including on the iPhone.

It seems that Android only uses PKCS#12 certificates for VPN authentication. Here is the wishlist entry for browser client authentication support using imported certificates.

DerfK
  • 19,493
  • 2
  • 38
  • 54
-2

That depends on the CA (Certificate Authority) and whether they are included as defaults or updates to the various web browsers. You can get a general idea by looking through the default CAs included/identified with the various web browsers.

Non-included CAs will result in a warning screen via the web browsers, which may cause some alarm/concern with some users.

SSL over HTTPS support is generally universal across the contemporary web browsers.

user48838
  • 7,431
  • 2
  • 18
  • 14
  • Do you imply that all browsers support client certificates, and the only problem is that the browser's trusted CA list may not include the one I used (i.e. the same problem server certificates face)? – netvope Sep 18 '11 at 01:07
  • Yes, SSL support is practically universal for all contemporary web browsers. – user48838 Sep 18 '11 at 01:11
  • 1
    Are you sure you you're not talking about server certificates? – MDMarra Sep 18 '11 at 01:14
  • Actually, there may be additional warnings if a certificate is not used in the application/use that is has been identified for (if it can be somehow installed in the first place). – user48838 Sep 18 '11 at 01:20
  • 1
    You're talking about something completely different what the OP asked. – womble Sep 18 '11 at 03:37