A certificate which authenticates a client or user towards a server or service.
Client certificates are commonly used to authenticate towards a service (e.g. website, VPN). It can be part of two factor authentication.
Questions tagged [client-certificate]
40 questions
0
votes
0 answers
How to permit only certain e-mail clients for IMAP access
My company is giving out new Android smartphones to employees, and they should be able to manage their e-mail on them. Currently, only access via webmail is enabled, but the mobile webmail client (Zimbra) is awkward and very feature-limited.…
Ben Opp
- 247
- 4
- 12
0
votes
1 answer
Can you create an mTLS connection while using an SSL Proxy?
I am using an SSL/TLS Proxy, meaning I have installed a CA on all my clients that allows me to break/decrypt their TLS connections.
I’m trying to determine what would happen to an mTLS connection and if it would be possible for a client to establish…
Curious Nerd
- 1
- 1
- 1
0
votes
1 answer
IIS Client Certificate Authorization working locally but not remotely
I have been attempting to set up client cert authorization on an IIS endpoint. Following the tutorial at https://joji.me/en-us/blog/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates/ I created a root cert,…
Ralph
- 101
- 2
0
votes
1 answer
How to make Firefox prompt for Windows's own certificate store's client certificates?
As per this blog post it should be possible:
https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/
Yet when browsing a site which asks for a client certificate it doesn't open a prompt. (On the same site the…
Cigarette Smoking Man
- 103
- 3
0
votes
0 answers
CRL revocation check fails yet can retrieve file
I have an IIS server on a 2016 box (IIS v10 it says) which is being used to authenticate a unix server via a certificate. I have confirmed connectivity to the internal CRL server, I can telnet to it, I can download the file, and certutil comes with…
AlexF
- 1
- 1
0
votes
1 answer
X-ARR-ClientCert not passing from Azure Web App Reverse proxy to another Azure Web App
I've setup a reverse proxy in an Azure Web App instance that's rewriting the URL and forcing SSL to our main Azure Web App .NET Application. It's been running well.
We want to deploy client certificate authentication to this .NET Application. We got…
0
votes
1 answer
Overriding "SSL client : No" for a specific nginx vitual server
I have a bunch of clients (too many to easily retrofit) each holding a single certificate (signed by a non-standard CA over which I have no control; I just generated the CSRs).
Now I need to setup a "secured" web service where server is identified…
ZioByte
- 296
- 4
- 17
0
votes
1 answer
Choose Client Certificate dialog in FF displays only a subset of available client certs
problem:
We have an application here using client certificate authentication. This has been working without any issues for years, but now several clients are experiencing the following issue in FF and Chrome but not (yet) in IE: The "choose client…
mathias barresi
- 36
- 3
-1
votes
1 answer
I try to use nginx as a reverse proxy with validating client certifikate and I want to check OU in client certificate. Always return 404
Here is my configuration.
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
ssl_certificate /etc/ssl/certs/nginx-self.crt;
ssl_certificate_key…
sqra
- 1
- 1
-2
votes
1 answer
MTLS on Nginx that works with client side Android Apps?
Is there a way to pull off MTLS/Two-Way SSL/Client Certificates that work on unrooted v10+ Android Clients on the cheap?
I have a couple of personal api end points that I want to be publicly accessible for just me and a few family members but filter…
Ampersand
- 1
- 3