0

The backedn server URL is https://www.example.com/order/?id=

I am writing the front end to pass order id to this server and display the information I got back.

Server www.example.com requires client certificate authentication.

If I use browser to this URL https://www.example.com/order/?id=123456

I can select my certificate and then get the information I want.

Is there any way I can do this:

Initial page asks the user to select client certificate they wan to use on browser and input order number --> Pass the client certificate andorder number to 'https://www.example.com/order/?id=' to get an result

I've tried using file_get_contents() and cURLs but could not find a way to pass in the client certificate.

---------Update-----------

I've update my Apache virtualHost file and I can have the client certificate information store on the environment now.

$_SERVER['SSL_CLIENT_M_SERIAL']
$_SERVER['SSL_CLIENT_S_DN']
$_SERVER['SSL_CLIENT_V_END']

What I should do to pass these certificate information to the backend server to get through the authentication?

FoMM
  • 53
  • 1
  • 5
  • To be clear, the certificate will be coming from *the user*? This front end server does not posses any certificate it could use to authenticate itself? – deceze Feb 08 '19 at 07:40
  • That's right. Certificate will be provided by individual user. Each user has their own client certificate. I am thinking the front end requires the client certificate, save this information and pass it to the backend server but I do not know how to achieve it. – FoMM Feb 08 '19 at 07:43
  • I'm not sure this is really possible. AFAIK the client never sends all parts of the certificate you'd need to impersonate the client to another server. I could be wrong about that though and will leave it to others to provide a detailed answer or alternative solution… – deceze Feb 08 '19 at 09:27

0 Answers0