browser sending certificates

John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230

I am trying to get client-side certificate authentication to work for the first time. I am using the REST client add-on for Firefox to send requests. I have generated a self-signed certificate and installed it into Firefox. However, I suspect that the certificate is not being sent as I get a 503 (which could be for other reasons). Do you have to associate a certificate with a URL somewhere? How does Firefox know when to send a certificate? How do I know a certificate was sent?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
HTTPS is generally used so that the server sends its certificate, but that the client doesn't. Offhand, I'm not sure how to make the browser send the certificate.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Firefox maintains a list of "Your certificates" for which it also has the private key. When the SSL server requests that the client should authenticate itself it also sends a list of Issuer Distinguished Names that it will trust. Firefox then looks through all the certificates in the "Your certificates" store which match in their Issuer DN field one of the names the server sent. If there are multiple certs it will then ask you to pick one to use to authenticate to the site. If there is exactly one such cert it will silently go ahead and use that. The first time it needs access however it will prompt you for the master password that is used to secure the private key.

If you have a self-signed cert properly installed in Firefox along with the private key, then you must configure the SSL server to include the Issuer DN of that cert in its list of trusted certificates. The details of how to do this are server specific.

Nice to meet you.
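
A small model of the selection rule described in the post above, added here as an illustration (it is not code from the thread or from Firefox). The certificate nicknames, DNs and function names are constructed, and DN comparison is simplified to normalized strings.

```python
from dataclasses import dataclass

def normalize_dn(dn):
    """Reduce a simple comma-separated DN string to a comparable tuple.
    Simplification: real TLS stacks compare encoded names, and this does
    not handle escaped commas or per-attribute matching rules."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return tuple(parts)

@dataclass(frozen=True)
class ClientCert:
    nickname: str
    subject: str
    issuer: str
    has_private_key: bool = True

def candidates(store, acceptable_issuers):
    """Certificates from the client's own store that the server would accept."""
    usable = [c for c in store if c.has_private_key]
    if not acceptable_issuers:
        # TLS permits an empty issuer list, which places no restriction.
        return usable
    wanted = {normalize_dn(dn) for dn in acceptable_issuers}
    return [c for c in usable if normalize_dn(c.issuer) in wanted]

def client_action(store, acceptable_issuers):
    """Model the three outcomes: no match, exactly one match, several."""
    matches = candidates(store, acceptable_issuers)
    if not matches:
        return ("no-match", [])
    if len(matches) == 1:
        return ("use-silently", [matches[0].nickname])
    return ("prompt-user", [c.nickname for c in matches])

# Constructed sample store: one self-signed cert (issuer == subject)
# and one cert issued by a hypothetical corporate CA.
STORE = [
    ClientCert("self-signed", "CN=rest-client, O=Example",
               "CN=rest-client, O=Example"),
    ClientCert("corp-issued", "CN=rest-client, O=Example",
               "CN=Example Corp CA, O=Example"),
]

if __name__ == "__main__":
    # Server trusts only the corporate CA: the self-signed cert never matches.
    print(client_action(STORE[:1], ["CN=Example Corp CA, O=Example"]))
    # Server also lists the self-signed cert's own DN: both certs match.
    print(client_action(STORE, ["CN=rest-client,O=Example",
                                "CN=Example Corp CA,O=Example"]))
```

The first call shows the situation in the original question: a self-signed certificate is only a candidate once the server's trusted list contains that certificate's own DN.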
John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Great! Thanks. Good info.