Stack Overflow
Stack Overflow

Questions tagged [client-certificates]

X.509 certificates for client authentication during TLS handshake.

Client certificates are X.509 certificates used for TLS/SSL connections. In conjunction with , they allow clients to identify during TLS handshake, thus ensuring two-way authentication.

Client certificates are verified against one or more CA certificate(s) stored on the server.

1304 questions
24
votes
4 answers

What is a good way to deploy secret Java key stores in an OpenShift environment?

We have a Java web application that is supposed to be moved from a regular deployment model (install on a server) into an OpenShift environment (deployment as docker container). Currently this application consumes a set of Java key stores (.jks…
Jan Thomä
  • 13,296
  • 6
  • 55
  • 83
24
votes
1 answer

X509Certificate2.Verify() returns false always

Facing a really strange issue X509Certificate2.Verify() returning false for a valid certificate. Maybe some has already faced this strange scenario before and can shine some light on it. I am using openssl to generate client certificates for…
Deb
  • 737
  • 1
  • 5
  • 20
24
votes
3 answers

Disable SSL client certificate on *some* WebAPI controllers?

Edit for future readers: Unfortunately, the bounty awarded answer doesn't work; nothing I can do about that now. But read my own answer below (through testing) - confirmed to work with minimal code changes We have an Azure Cloud Service…
DeepSpace101
  • 13,110
  • 9
  • 77
  • 127
24
votes
2 answers

Make IIS require SSL client certificate during initial handshake

I am trying to configure an IIS website to require SSL client certificates. The website is set up in both IIS 6 and 7, though I am more interested in making it work for 7. I set the require client certificates property in IIS and it works fine…
nslowes
  • 564
  • 1
  • 3
  • 9
19
votes
4 answers

Mutual certificates authentication fails with error 403.16

I'm using Windows Server 2012 and IIS 8.5. I've set SSL for the website and the SSL Settings are: Require Required and Require Client Certificates. The client certificate that I'm sending to the server has been issued by a self-signed authority…
Javier Holguera
  • 1,301
  • 2
  • 11
  • 27
18
votes
2 answers

How to make Selenium WebDriver select client certificates dynamically without visually detecting the popup

I'm trying to use Java and Selenium to test a website that requires a client certificate. When I browse to my site I get a popup like the one below to select the correct certificate. My requirements are as follows: Select a certificate by name On…
neXus
  • 2,005
  • 3
  • 29
  • 53
18
votes
2 answers

What is the impact of the `PersistKeySet`-StorageFlag when importing a Certificate in C#

In my application, a Certificate for Client-Authentication is programatically added to the MY-Store using the following code: //certData is a byte[] //password is a SecureString X509Certificate2 certificate = new X509Certificate2(certData, password,…
Florian-Rh
  • 777
  • 8
  • 26
17
votes
1 answer

How to create users/groups restricted to namespace in Kubernetes using RBAC API?

Problem I'd like to issue certs to many different developers (different subjects) all within the dev group, and have them all have access to create and modify things within the dev namespace, but not touch anything outside it, and definitely not see…
Amit Kumar Gupta
  • 17,184
  • 7
  • 46
  • 64
17
votes
3 answers

https client certificate logout/relogin

I have a web site using ssl certificate authentication. How to force the web browser from the server to ask again the certificate to be used? It would be useable for logout, but the use case here is switching user identity. I remember something…
Árpád Magosányi
  • 1,394
  • 2
  • 19
  • 35
16
votes
1 answer

Validating client certificates in PyOpenSSL

I'm writing an app that requires a cert to be installed in the client browser. I've found this in the PyOpenSSL docs for the "Context" object but I can't see anything about how the callback is supposed to validate the cert, only that it should,…
Roger Heathcote
  • 3,091
  • 1
  • 33
  • 39
16
votes
2 answers

Does IIS do the SSL certificate check or do I have to verify it?

I have a IIS set up to only accept client connections with a SSL certificate. I have a WCF service running on IIS. I have a Certification Authority in the servers trusted CAs. Now, when a client connects to the service, does IIS validate that the…
bucktronic
  • 3,027
  • 2
  • 22
  • 27
16
votes
3 answers

iOS Client Certificates and Mobile Device Management

Our customers want to use an MDM (mobile device management) solution (MobileIron) to install client certificates onto corporate iOS devices, in order to limit access to certain corporate web services to corporate devices only. MobileIron installs…
Brett Donald
  • 6,745
  • 4
  • 23
  • 51
16
votes
6 answers

ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome

I've got a web site that uses SSL Client certificate authorization. All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL…
Alexey
  • 353
  • 2
  • 3
  • 11
16
votes
1 answer

Microsoft HTTP Server API - using SSL, how to demand client certificate?

I'm currently implementing a small HTTP server using Microsoft HTTP Server API Version 2.0 (http://msdn.microsoft.com/en-us/library/windows/desktop/aa364510(v=vs.85).aspx). I need to enable HTTPS on server side and also demand client certificate…
liismai
  • 161
  • 1
  • 3
15
votes
4 answers

Client certificate not getting added to the request (Certificate Verify)

I'm trying to do a simple GET request to an external production server with a client certificate. They have added our certificate to their server, and I have successfully made requests through Postman (both the Chrome app and the Windows native app)…
Aske B.
  • 6,419
  • 8
  • 35
  • 62
1
2
3
86 87