Skip to main content

Questions tagged [client-certificate]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
192 votes
6 answers
381k views

How do I view the contents of a PFX file on Windows?

I have a PFX certificate file on my machine and I'd like to view the details before importing it. (The import utility doesn't actually tell you what the certificate is!). How do I view the details ...
PeterX's user avatar
  • 5,311
10 votes
1 answer
23k views

found a bunch of DO_NOT_TRUST_FiddlerRoot personal certificates installed on my system

I was looking at my personal certificates in Google Chrome and found a bunch of DO_NOT_TRUST_FiddlerRoot certs there. I don't know how these got there. Should I be concerned?
neubert's user avatar
  • 7,204
8 votes
2 answers
13k views

Can Firefox use the Windows certificate store?

How can I get Firefox to use the Windows certificate store to look for client certificates? Use case: Web authentication with a client certificate that is stored in the Windows certificate store and ...
Fragmentation Needed's user avatar
6 votes
2 answers
11k views

Enroll user's certificates for another user on the same machine

If I'm logged in as a normal user, how can I download/enroll user's certificates for another user (on the same machine)? This can be done using runas command but can't figure out exactly.
Stackbe's user avatar
  • 91
5 votes
2 answers
2k views

Using SSH pubkey with multiple certificates

I am using an SSH public key to connect to a number of servers. The servers use an SSH CA to manage authorized users. The basic concept is described here: https://www.digitalocean.com/community/...
jan's user avatar
  • 473
5 votes
1 answer
2k views

Can't import two p12/pfx client certificates into Chrome or Firefox

I have a website I want to use client authentication certificates with. This is just a personal website for myself and a handful of family/friends, so I created a CA to sign some certificates that I ...
Nertskull's user avatar
  • 151
4 votes
0 answers
5k views

curl (and openssl) two way authentication always fails

Problem I'm trying to use curl to send a POST request to a web service deployed on tomcat with host and client verification is required (two way authentication) but I always get the response 404 Not ...
joker's user avatar
  • 235
4 votes
2 answers
3k views

Require only specific client certificates in IIS

I am implementing a solution that requires client certificates. I'm using IIS 7.5 and ASP.Net 4 WCF services. I've set the SSL Settings to Require SSL and require client certificates. Looks good so ...
Jeremy's user avatar
  • 398
3 votes
1 answer
295 views

How do I obtain a trusted, signed, client certificate for use with an FTPS site in IIS and tied to a Windows user?

I've been asked by a third party to setup an FTPS site for them to connect to. I am doing this on IIS 10. It is required that the third-party client uses a client certificate which is tied to the FTP ...
readyStateFail's user avatar
3 votes
1 answer
1k views

P12 Certificate Authentication - what is the correct method

I've been able to successfully set up an IKEv2/IPSec VPN Server using certificate authentication. However, I have a general issue regarding the correct method of creating P12 user certificates. I've ...
Tom Thorp's user avatar
3 votes
1 answer
19k views

RDP with client authentication via a certificate or a key file

I'm planning to set up secure WAN-accessible RDP to my personal computer (Windows 10, not Windows Server, since it's just a workstation). The plan is: Forward the RDP and Wake-on-LAN ports to my ...
Kotauskas's user avatar
  • 134
3 votes
2 answers
6k views

Curl won't prompt me for a certificate password

I'm trying to use CURL to test simple HTTPS connections to servers that require a client certificate. I've specified the certificate type in my .curlrc file with cert = /path/to/Cert.p12 and told it ...
Coderer's user avatar
  • 1,620
3 votes
1 answer
3k views

Safari forces user to select client certificate even if it is optional

This question is loosely related to another one: IIS7.5 SSL Question, Safari users get a prompt of certificate to select, but since it was asked more than a year ago I thought that there may be some ...
Maciej's user avatar
  • 131
2 votes
1 answer
120 views

User name for an existing SSH certificate?

On a Jenkins server, there are two pairs SSH private and public keys in the ~/.ssh/ directory which apparently are both used to authenticate with the same external server. However, I don't know which ...
oberlies's user avatar
  • 706
2 votes
1 answer
1k views

Can I create client certificates from a server certificate that I buy from a certificate authority?

If i buy a certificate from Godaddy or a trusted certificate authority for my website. let's say example.com and i want to issue client certificates so i can validate certificates of clients ...
mohamed nasr's user avatar
2 votes
1 answer
3k views

Mac OS X Yosemite and Client SSL Certificates

Ever since I upgraded from Mavericks to Yosemite, my SSL Client Certificates have stopped working in certain places. They still work in web browsers and in wget, but they have stopped working in curl ...
Nick Retallack's user avatar
1 vote
1 answer
5k views

Can't S/MIME sign using OpenSSL even if "verify" suceeds

I have a client certificate in Chrome, that I used for logging into StartSSL. I exported it using pk12util to certfile.p12. Now I want to use it for signing with S/MIME. I converted the p12 file to ...
Janus Troelsen's user avatar
1 vote
1 answer
1k views

Generate certificate without Basic constraints

A business partner requires a client certificate, to be able to access some of their API's. I generated a cert with OpenSSL, using the command: openssl req -x509 -newkey rsa:4096 -keyout mykey.pem -...
Lars Kristensen's user avatar
1 vote
2 answers
638 views

apache SSL configuration using trusted certificates

It's my first time I'm dealing with SSL, I'd like to know, if I got this right or not. I create selfsigned Client-Certificates with a self created CA my-own-CA.crt. When I buy a Server-Certificate of ...
Yaerox's user avatar
  • 183
1 vote
1 answer
7k views

How to install a client certificate for a service account

I'm building an application that needs to access a third-party webservice, for which I have a client certificate. This works if I run the application from my own account, but eventually, the ...
Berend's user avatar
  • 2,987
1 vote
1 answer
3k views

IIS SSL Settings - Require client certificates and self-signed certificates

I am having a little challenge understanding digital certificates and ssl. In IIS SSL Settings for my website I am setting my website to require client certificates. I am using a self-signed ...
Rod's user avatar
  • 515
1 vote
1 answer
12k views

Firefox, "Secure Connection Failed" and client certificate

I have a client certificate for Satrtcom. I'm trying to authenticate to their service, but I'm receiving a "Secure Connection Failed" error with error code ssl_error_handshake_failure_alert: The ...
jww's user avatar
  • 12.2k
1 vote
1 answer
2k views

IE - Personal Certificates - where does it read it from?

If I go to Internet Explorer Options -> Content Tab -> Certificates Button -> Personal Tab, I see a list of certificates there - where does IE read from? Several of these certificates are different ...
user93353's user avatar
  • 583
1 vote
0 answers
217 views

Client authentication on Apache server doesn't work

I setup a simple Apache 2 server that uses a secure HTTPS connection. I created my own self-signed Root-CA-certificate and Sub-CA-certificate to create the server certificate and installed that on the ...
ilmu011's user avatar
  • 13
1 vote
1 answer
359 views

Intermittent TLS SecureChannelFailure with client certificates

I have an F5 load-balanced API which calls out to external API's, some of which require mutual ("two way" / client) SSL. For months things work fine, but from time-to-time requests (to the external ...
grae22's user avatar
  • 11
1 vote
0 answers
917 views

How to avoid java Security Information popup?

Problem - Java security information popup appears when applet based application loads in the browser. When I check "Always trust content from the publisher" and click run, the application runs and ...
Nishant's user avatar
  • 123
1 vote
0 answers
752 views

Certificate Request and the certificate available in store not matching

I am trying to connect to a third party API which have a mutual TLS authentication setup enabled. So I am supposed to install my client certificates inside my key store and send it on TLS handshake ...
None's user avatar
  • 155
1 vote
1 answer
6k views

Tracking removal of client certificates

I connect to some remote web services that require a client certificate for authentication. Using certain tools (eg. SOAPUI), I can specify the certificate directly, but when doing quick requests to ...
CJM's user avatar
  • 2,617
1 vote
2 answers
7k views

Windows 10 doesn't auto connect to network until I login after a restart

I have a Windows 10 laptop that is configured to connect to corporate BYOD (bring your own device) network. First time you connect to open guest network. Then from a web page, you download an ...
PC Guy's user avatar
  • 11
1 vote
0 answers
113 views

How to get domain name of laptop

I need to create a certificate signing request to get a certificate from a CA for my laptop: openssl req -subj "/CN=<my common name>" -new -key client-key.pem -out client.csr In order to ...
Kenenbek Arzymatov's user avatar
1 vote
0 answers
222 views

tomcat6 with crl doesn't load

I have a new tomcat6.0.34 setup I'm configuring on my CentOS 6.3 (64 bit). I've downloaded a series of CRLs for the certificate authorities I am using, converted them from DER to PEM with openssl: ...
Frustrated's user avatar
1 vote
2 answers
7k views

How to export User cert with private key in PKCS12 format

I'm running Win2008R2, and have installed an Enterprise CA. I can create user certs, but no matter what I do, I cannot export the private key. I'm using the un-touched User certificate template, and ...
andreas-h's user avatar
  • 115
0 votes
1 answer
3k views

FTPS client certificate authentication

I'm installing FTPS server on debian with certificate-based authentication. I've set up ProFTPd and configured it to use TLS and a certificate (for testing purposed I use a self-signed one). Now I'd ...
mrzasa's user avatar
  • 785
0 votes
1 answer
1k views

Can't install client certificate on different device?

I setup a simple Apache 2 server and enabled a secure SSL connection. I used my own self-signed Root-CA-Certificate to create a Sub-CA and used that one to create the server certificate that is ...
ilmu011's user avatar
  • 13
0 votes
0 answers
117 views

Client Side Cannot Find Client Cert in TLS Mutual Authentication

This is a windows .NET application. Am working on the client side. Increased SSChannel logging and discovered ... . Creating a TLS client credential. The remote server has requested TLS client ...
Cobbler Dev's user avatar
0 votes
0 answers
142 views

Force Chrome to show certificate selection dialog in Ubuntu

Some sites (e.g, https://www.sede.fnmt.gob.es/certificados/persona-fisica/verificar-estado/solicitar-verificacion) require the selection of a local certificate. Chrome, once you select one of the ...
Alvaro Maceda's user avatar
0 votes
0 answers
636 views

Is it possible to use SSL client certificate authentication with client programs that do not specifically accommodate them?

I have set up a webserver with several self-hosted apps for my personal use. In order to make sure that I am the only person who can connect to my server, I have generated client authentication ...
Stonecraft's user avatar
0 votes
2 answers
10k views

Imported certificates go to other people windows 10

Edit: 27/04/2020 We came to the conclusion that the certificate stopped working as it does not work anymore on the old system either. So we keep working on "corrupted" certificates that may never ...
VarmintLP's user avatar
  • 334
0 votes
0 answers
21 views

Renewed RootCA doesn't verify child certs

So i have a self signed rootCA which is expiring soon, so i created a new csr with updated info about the cert and company but im still using the same private key. I create the new rootCA and install ...
Ghaith Haddad's user avatar
0 votes
0 answers
325 views

Using a machine certificate for SSL client authentication

Assuming a web site enforces SSL client authentication and the client machine (running Windows) is equipped with a certificate which the server accepts for that purpose. The certificate resides in the ...
user149408's user avatar
  • 1,100
0 votes
0 answers
337 views

Smartcard Client SLL Firefox no selection

I'm trying for days now to setup client ssl with apache and firefox using my hsm smartcard. I generated one certificate for every page I'm trying to set up. The smartcard shows up in firefox and ...
Stefan's user avatar
  • 13
0 votes
1 answer
166 views

EAP TLS encryption security

Is there any different between "EAP-TLS under PEAP" and "EAP-TLS only"? Is "EAP-TLS under PEAP" more secure compared to "EAP-TLS only"? As in PEAP, we are not able to see the actual certificate ...
Jess's user avatar
  • 143
0 votes
2 answers
5k views

How do I configure sssd to authenticate against LDAP using client certificates / SASL EXTERNAL

I have a need to configure various Ubuntu Trusty machines using sssd against a 389ds server that expects to be bound to using a binddn selected automatically via a client certificate mapping. I have ...
Graham Leggett's user avatar
0 votes
1 answer
173 views

Firefox Smartcard Certificate Import error

I recently bought myself a Smartcard-HSM (which is of importance here because it doesn't allow export or import of private keys). Now I've used the "famous" XCA application to create a small CA on ...
SEJPM's user avatar
  • 223
0 votes
1 answer
175 views

E-mail certificate issue

I guess I'm just a compete idiot and can't overcome simple problems, shame shame shame. However, I am trying to put a simple scenario together: box A (Windows 7) and box B (Windows 8 inside a virtual ...
abolotnov's user avatar
  • 369
-1 votes
1 answer
482 views

Where can I get a X509 certificate with my email address embedded and nonRepudiation and digitalSignature bits set? [closed]

I would like to buy a X.509 certificate for user authentication not for SSL. The certificate should have my email address in it and should have 2 bits set in KeyUsage extension: nonRepudiation ...
user674669's user avatar
-1 votes
1 answer
330 views

StartSSL Class 1 Client cert missing private key in Keychain Access?

I have been using Class 1 Client Certificates from StartSSL for a while now (in OS X to sign my emails via S/MIME). I went to renew yesterday and I received my new cert. However, I am unsure how to ...
Brie's user avatar
  • 669