
I am working on an application that needs mutual authentication; there is a need to test it on the development server.

I have so far got all the keys, server and client, and the server can be authenticated. What I don't know is how to request the keys from the client (browser). Ideally this should be done once at the first request, since there is also password authentication.

Can anyone show me how to go about it?

Note: I have searched the web for some good hours with no answer so far.

ron

1 Answer

Mutual authentication typically involves the client presenting themselves to your server in an SSL/TLS handshake. The certificate is then verified by the server to ensure that it was issued by a trusted certificate authority and that it contains the right info.

To request the SSL/TLS handshake, you need to configure your web server to require client authentication. The specific steps may depend on the web server app that you're using for this project, so a bit more specific context may help me to explain it better (if I know it on that web server software :)))

Once you have enabled client authentication, the browser will automatically prompt the user to select a certificate to use for authentication when they access the site. The browser will only display certificates that are valid for the site's domain name and that have been installed in the user's certificate store.

Also keep in mind that mutual authentication may be a bit tricky to set up and maintain, and that it may not be that necessary for all applications, but I digress:) Hope this helps!

  • Thanks for the reply, though I had forgotten to specify the server. I was lost but finally I managed to do it. My trouble was that I was under pressure, so I kept messing up Nginx, but after fixing it, everything was easy. Thank you. You showed me the way – ron Mar 30 '23 at 00:40
  • I'm glad your problem is resolved and I could help, though minor. Best of Luck! – AliSinaDevelo Mar 31 '23 at 01:24
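
The server-side setting the answer describes, sketched for Nginx (the server named in the comments). This is an added example, not the asker's configuration or code from the answer; the hostname, file paths, header names and backend address are placeholders.

```nginx
# Added example: hypothetical development vhost. All paths, names and the
# backend address are placeholders to be replaced with your own.
server {
    listen 443 ssl;
    server_name dev.example.test;                  # placeholder hostname

    # Server identity: what the browser verifies.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA that issued the client certificates. nginx advertises this CA in
    # the TLS certificate request, and the browser then prompts the user
    # to pick a certificate.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client on;    # clients without a valid certificate get HTTP 400
    ssl_verify_depth  2;     # raise from the default of 1 if an intermediate CA signs client certs

    # Weaker modes, unsuitable when the certificate is a hard requirement:
    #   ssl_verify_client optional;        # clients with no certificate are still served
    #   ssl_verify_client optional_no_ca;  # nginx does not validate the chain itself

    location / {
        # Hand the verified identity to the application so it can tie the
        # certificate to the password login. proxy_set_header replaces any
        # header of the same name sent by the client.
        proxy_set_header X-Client-Verify      $ssl_client_verify;      # "SUCCESS" when valid
        proxy_set_header X-Client-DN          $ssl_client_s_dn;
        proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint;
        proxy_pass http://127.0.0.1:8000;          # placeholder backend
    }
}
```

The certificate request is part of the TLS handshake, so it happens when the connection is set up rather than per HTTP request; the password login then runs inside the already authenticated connection.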