0

When implementing client-side TLS certificates, the browser always presents a pop-up with the available (and possibly suitable?) certificates.

Is there a way for the server to request a specific certificate which would be immediately provided by the browser without going through a pop-up?

The Wikipedia article on client-side authentication describes the transactions diagram but without much detail:

> The server requests a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequest message.

WoJ

1 Answer

3

The behavior of client certificate selection is solely up to the client software (e.g. the browser) and has nothing to do with the server (except the requirement of a client certificate in the request).

Microsoft Internet Explorer 8+, for example, does not pop up the certificate selection dialog when only one suitable certificate is found. If no suitable certificates are found, or there are multiple valid certificates, then the pop-up dialog is shown.

Crypt32
  • Thank you. I was hoping that a specific crafting of the [`CertificateMessage` request](https://tools.ietf.org/html/rfc5246) could enforce (or direct) the browser to spontaneously present the certificate. – WoJ Oct 31 '16 at 12:00
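What a server can put in the TLS 1.2 CertificateRequest message discussed above, as an added example that is not part of the original question, answer or comment: a parser for the message as laid out in RFC 5246, section 7.4.4. The sample message and the CA name `Example Client CA` are constructed for illustration. The message carries acceptable certificate types, signature algorithms and CA names, which the client uses to decide which certificates are suitable; it has no field that names one particular client certificate.

```python
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}
HASHES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}

def parse_certificate_request(msg: bytes) -> dict:
    """Return the three fields a server can put in a CertificateRequest."""
    if len(msg) < 4 or msg[0] != 13:            # handshake type 13 = certificate_request
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length mismatch")
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated message")
        pos += n
        return body[pos - n:pos]

    types = take(take(1)[0])                        # certificate_types<1..2^8-1>
    algs = take(int.from_bytes(take(2), "big"))     # (hash, signature) byte pairs
    names = take(int.from_bytes(take(2), "big"))    # certificate_authorities
    if pos != len(body) or len(algs) % 2:
        raise ValueError("malformed CertificateRequest")
    cas, i = [], 0
    while i < len(names):                           # each name: 2-byte length + DER
        n = int.from_bytes(names[i:i + 2], "big")
        dn = names[i + 2:i + 2 + n]
        if len(names) - i < 2 or len(dn) != n:
            raise ValueError("truncated DistinguishedName")
        cas.append(dn)
        i += 2 + n
    return {
        "certificate_types": [CERT_TYPES.get(t, t) for t in types],
        "signature_algorithms": [(HASHES.get(h, h), SIGS.get(s, s))
                                 for h, s in zip(algs[0::2], algs[1::2])],
        "certificate_authorities": cas,             # DER-encoded names of accepted CAs
    }

# Constructed sample: DER Name for CN=Example Client CA (hypothetical CA).
CN = b"Example Client CA"
ATV = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(CN)]) + CN
SAMPLE_DN = (b"\x30" + bytes([len(ATV) + 4]) + b"\x31" + bytes([len(ATV) + 2])
             + b"\x30" + bytes([len(ATV)]) + ATV)

def build_sample() -> bytes:
    names = len(SAMPLE_DN).to_bytes(2, "big") + SAMPLE_DN
    body = b"\x02\x01\x40" + b"\x00\x04\x04\x01\x04\x03" + len(names).to_bytes(2, "big") + names
    return b"\x0d" + len(body).to_bytes(3, "big") + body
```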