
browser sending certificates

 
John Eric Hamacher
Ranch Hand
Posts: 230
Hello:

I am trying to get client-side certificate authentication to work for the first time. I am using the REST client add-on for Firefox to send requests. I have generated a self-signed certificate and installed it into Firefox. However, I suspect that the certificate is not being sent, as I get a 503 (which could be for other reasons). Do you have to associate a certificate with a URL somewhere? How does Firefox know when to send a certificate? How do I know a certificate was sent?


Thanks
Eric
 
Ulf Dittmer
Rancher
Posts: 42968
HTTPS is generally used so that the server sends its certificate, but that the client doesn't. Offhand, I'm not sure how to make the browser send the certificate.
 
greg stark
Ranch Hand
Posts: 220
Firefox maintains a list of "Your certificates" for which it also has the private key. When the SSL server requests that the client should authenticate itself, it also sends a list of Issuer Distinguished Names that it will trust. Firefox then looks through all the certificates in the "Your certificates" store which match in their Issuer DN field one of the names the server sent. If there are multiple certs, it will then ask you to pick one to use to authenticate to the site. If there is exactly one such cert, it will silently go ahead and use that. The first time it needs access, however, it will prompt you for the master password that is used to secure the private key.

If you have a self-signed cert properly installed in Firefox along with the private key, then you must configure the SSL server to include the Issuer DN of that cert in its list of trusted certificates. The details of how to do this are server specific.
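The selection rule described in the post above, modelled as an added example (not part of the original thread and not Firefox's own code). The `ClientCert` type, the function names and the sample DNs are constructed for illustration, and DN comparison is simplified to a case- and whitespace-insensitive string match.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ClientCert:
    nickname: str                 # label in the "Your certificates" store
    subject_dn: str
    issuer_dn: str
    has_private_key: bool = True  # only certs with a key can authenticate

def normalize_dn(dn: str) -> tuple:
    """Simplified DN comparison key: per-attribute, ignoring case and spacing."""
    parts = []
    for rdn in dn.split(","):     # assumption: no escaped commas in values
        key, _, value = rdn.partition("=")
        parts.append((key.strip().upper(), " ".join(value.split()).lower()))
    return tuple(parts)

def select_client_cert(store, acceptable_issuers):
    """Return (action, candidates) for a server's certificate request.

    acceptable_issuers is the Issuer DN list the server sent. In TLS 1.2
    (RFC 5246) an empty list means the server named no issuers, so any
    certificate of a suitable type is a candidate.
    """
    wanted = {normalize_dn(dn) for dn in acceptable_issuers}
    candidates = [
        c for c in store
        if c.has_private_key
        and (not wanted or normalize_dn(c.issuer_dn) in wanted)
    ]
    if not candidates:
        return "send-none", []            # handshake continues without a client cert
    if len(candidates) == 1:
        return "send-silently", candidates
    return "prompt-user", candidates

# Constructed sample store: a self-signed cert (issuer == subject) and a CA-issued one.
SELF_SIGNED = ClientCert("eric-test", "CN=Eric Test, O=Example", "CN=Eric Test, O=Example")
CA_ISSUED = ClientCert("eric-corp", "CN=Eric, O=Example", "CN=Example Issuing CA, O=Example")
STORE = [SELF_SIGNED, CA_ISSUED]

if __name__ == "__main__":
    # Server trusts only its CA: the self-signed cert is never offered.
    print(select_client_cert([SELF_SIGNED], ["CN=Example Issuing CA,O=Example"]))
    # Server lists the self-signed cert's own DN: it now matches and is sent.
    print(select_client_cert(STORE, ["cn=eric test, o=example"]))
```

The first call shows the failure mode from the question: a self-signed certificate is installed correctly, yet nothing is sent because the server's list does not contain that certificate's own DN.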
 
John Eric Hamacher
Ranch Hand
Posts: 230
Great! Thanks. Good info.
 