MTLS on Nginx that works with client side Android Apps?

Is there a way to pull off MTLS/Two-Way SSL/Client Certificates that work on unrooted v10+ Android Clients on the cheap? I have a couple of personal api end points that I want to be publicly accessible for just me and a few family members but filter all other traffic out like bad bots, exploit scanners … Read more

Assigning third-party client certificates/keys to Active Directory users

In our organization, we have a number of third-party vendors that we must interact with using client certificates. We’d like to be able to assign certificates/keys to a particular Active Directory user, so that: Users don’t have to know or care how to install a certificate; the certificates they need are installed for them e.g. … Read more

Is there a way to configure IIS to tell us we received an untrusted client certificate?

We have a Web API endpoint configured to allow, but not require, client certificates. We’re logging the certificate we receive, then checking to make sure it is what we expect, logging the result, and then either allowing access or returning 403. The problem is that if the client sends a certificate that isn’t signed by … Read more

apache/php not getting client certificates

We wanted to use client certificates in browsers for some of our users for machine identification. I set up a CA and signed a client certificate which I installed in Chrome. Then I set the following in apache: SSLCACertificateFile /etc/ssl/certs/artisanCA-crt.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars On our test server this worked perfectly. Chrome … Read more

OCSP client certificate validation

For a home automation project I have created an API (written in ASP.NET so hosted in IIS) and written my own Android app to communicate with this API. To prevent people from accessing specific endpoints in this API, I want to protect the endpoints that are not supposed to be public. Some will remain public … Read more

Choose Client Certificate dialog in FF displays only a subset of available client certs

Problem: We have an application here using client certificate authentication. This has been working without any issues for years, but now several clients are experiencing the following issue in FF and Chrome but not (yet) in IE: The “choose client certificate” dialog no longer appears and so they are redirected to a username/password login … Read more

Nginx reverse proxy with client-certificate authentication

I understand I can have nginx check the client certificate before forwarding requests; something along the lines of: server { listen 443 ssl; server_name my.server.com; ssl_certificate /etc/ssl/my.server.com.crt; ssl_certificate_key /etc/ssl/my.server.com.key; ssl_verify_client on; ssl_trusted_certificate /etc/ssl/myca.pem; location / { … proxy_pass http://my.backend.com:9999; } … } Question is: can I extract certificate details (essentially client certificate Subject:CN) and use it … Read more

X-ARR-ClientCert not passing from Azure Web App Reverse proxy to another Azure Web App

I’ve set up a reverse proxy in an Azure Web App instance that’s rewriting the URL and forcing SSL to our main Azure Web App .NET Application. It’s been running well. We want to deploy client certificate authentication to this .NET Application. We got that working directly to the .NET Application’s Azure Web App instance, but … Read more

Debug client certificate authentication in Firefox

I’m having trouble determining why Firefox is not applying client certificate authentication in a particular situation. I have a self-signed client certificate issued for a specific site (nginx mutual TLS) that works when accessing the site using Chrome and when testing with curl, and the same certificate in .p12 format is imported in Firefox Certificate … Read more