aspose file tools*
The moose likes Security and the fly likes browser sending certificates Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "browser sending certificates" Watch "browser sending certificates" New topic
Author

browser sending certificates

John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Hello:

I am trying to get client-side certificate authentication to work for the first time. I Using the REST client add-on for Firefox to send requests. I have generated a self-signed certificate and installed it into Firefox. However, I suspect that the certificate is not being sent as I get a 503 (which could be for other reasons). Do you have associate a certificate with a URL somewhere? How does Firefox know when to send a certificate? How do I know a certificate was sent?


Thanks
Eric
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39541
    
  27
HTTPS is generally used so that the server sends its certificate, but that the client doesn't. Offhand, I'm not sure how to make the browser send the certificate.


Ping & DNS - updated with new look and Ping home screen widget
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Firefox maintains a list of "Your certificates" for which it also has the private key. When the SSL server requests that the client should authenticate itself it also sends a list of Issuer Distinguished Names that it will trust. Firefox then looks through all the certificates in the "Your certificates" store which match in their Issuer DN field one of the names the server sent. If there are multiple certs it will then ask you to pick one to use to authenticate to the site. If there is exactly one such cert it will silently go ahead and use that. The first time it needs access however it will prompt you for the master password that is used to secure the private key.

If you have a self-signed cert properly installed in firefox along with the private key then you must configure the SSL server to include the Issuer DN of that cert in its list of trusted certificates. The details of how to do this are server specific.


Nice to meet you.
John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Great! Thanks. Good info.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: browser sending certificates
 
Similar Threads
Servlet read file how to expose URL as https
Calling getUserPrincipal() in a Web Service returns ANONYMOUS
client server gui
HTTPS
Applet not selecting default Client certificate