A certificate which authenticates a client or user towards a server or service.
Client certificates are commonly used to authenticate towards a service (e.g. website, VPN). It can be part of two factor authentication.
Questions tagged [client-certificate]
40 questions
1
vote
0 answers
Debug client certificate authentification in Firefox
I'm having trouble determining why Firefox is not applying client certificate authentification in a particular situation.
I have a self-signed client certificate issued for a specific site (nginx mutual TLS) that works when accessing the site using…
Peteris
- 131
- 1
- 4
1
vote
0 answers
Nginx reverse proxy with client-certificate authentication
I understand I can have nginx to check client certificate before forwarding requests; something along the lines:
server {
listen 443 ssl;
server_name my.server.com;
ssl_certificate /etc/ssl/my.server.com.crt;
…
ZioByte
- 296
- 4
- 17
1
vote
1 answer
HTTP authentication with public/private key pair
I'm looking for a way to authenticate clients/users at a web server with public/private key pairs and already read this question:
Public key authentication or similar over HTTP/HTTPS? The answers are similiar to everything I found on the web. In…
fishbone
- 141
- 1
- 7
0
votes
0 answers
Deployed certificate to Personal store using GPO
I am trying to find a user GPO to install a certificate in the personal store (this is a browser certificate and if installed in other stores it won't work so it has to be installed in the Personal store). I found a couple of GPOs but apparently…
user2307236
- 101
- 1
0
votes
1 answer
OCSP client certificate validation
For a home automation project I have created an API (written in ASP.NET so hosted in IIS) and written my own Android app to communicate with this API. To prevent people from accessing specific endpoints in this API, I want to protect the endpoints…
Roel
- 3
- 1
0
votes
0 answers
apache/php not getting client certificates
We wanted to use client certificates in browsers for some of our users for machine identification. I set up a CA and and signed a client certificate which I installed in chrome.
Then I set the following in apache:
SSLCACertificateFile…
0
votes
0 answers
Is there a way to configure IIS to tell us we received an untrusted client certificate?
We have a Web API endpoint configured to allow, but not require, client certificates.
We're logging the certificate we receive, then checking to make sure it is what we expect, logging the result, and then either allowing access or returning…
jdege
- 193
- 1
- 11
0
votes
0 answers
Assigning third-party client certificates/keys to Active Directory users
In our organization, we have a number of third-party vendors that we must interact with using client certificates. We'd like to be able to assign certificates/keys to a particular Active Directory user, so that:
Users don't have to know or care how…
3bh
- 101
- 1
0
votes
1 answer
Is a windows user really needed for IIS client certificate authorization, if so how to set this user's privileges?
I had originally posted this question in securitystackexchange, but I didn't get the answer I was expecting, and I see the topic can also fit here.
I need to connect two servers in different locations in order for one of them (Linux stack) issues…
Juan
- 111
- 5
0
votes
1 answer
curl - SSL peer does not support certificates of the type it received
Trying to send a request with a client certificate to an Apache server, I have the following request and error:
$ curl -X POST https://my-server.com/dummy/user -H 'Cache-Control: no-cache' -H 'Content-Type: application/json' -d…
Worp
- 327
- 1
- 4
- 15
0
votes
0 answers
How do I create a Service Hook Web Hook in Azure DevOps using a client certificate?
the service I want to connect my webhook to requires a client certificate when communicating via SSL/TLS. I already downloaded the certificate files, how can I add my certificate to the service hook / web hook of my azure devops project settings.
I…
gorillanerve
- 3
- 1
0
votes
0 answers
NGINX: Is it possible to configure mTLS without an ssl_client_certificate?
The system I am working with allows clients to register their public keys for mTLS with an application server. We would like our client's applications to establish an mTLS connection with an NGINX proxy which offloads the certificate validation to…
Nikola Kramaric
- 101
0
votes
0 answers
Apache - authorize users either by client certificate or by ldap group membership
I use Apache as a reverse proxy to check the authorization of incoming requests. Until now only Kerberos was provided as authentication method for "/" and client certificates for "/api". See code below.
Now I need to have both methods (either, or)…
derBobby
- 1
- 1
0
votes
0 answers
How to debug ssl_client_verify = NONE while the client cert is supplied?
We've a nginx setup running on docker.
nginx version: 1.13.11
openssl version 1.1.1
docker os image: Ubuntu 18.04.2 LTS docker container running on an aws ec2 instance running: 18.04.6 LTS (Bionic Beaver)
In the nginx site config, we've specified…
skwokie
- 165
- 2
- 9
0
votes
1 answer
How to debug OpenSSL SSL_read: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
We have a nginx setup with client certificate authentication running on docker, we are only using these ssl settings:
ssl_protocols TLSv1.2;
ssl_ciphers…
skwokie
- 165
- 2
- 9