Questions tagged [client-certificate]
The client-certificate tag has no usage guidance.
47
questions
192
votes
6
answers
381k
views
How do I view the contents of a PFX file on Windows?
I have a PFX certificate file on my machine and I'd like to view the details before importing it. (The import utility doesn't actually tell you what the certificate is!).
How do I view the details ...
- 5,311
10
votes
1
answer
23k
views
found a bunch of DO_NOT_TRUST_FiddlerRoot personal certificates installed on my system
I was looking at my personal certificates in Google Chrome and found a bunch of DO_NOT_TRUST_FiddlerRoot certs there. I don't know how these got there. Should I be concerned?
- 7,204
8
votes
2
answers
13k
views
Can Firefox use the Windows certificate store?
How can I get Firefox to use the Windows certificate store to look for client certificates?
Use case: Web authentication with a client certificate that is stored in the Windows certificate store and ...
6
votes
2
answers
11k
views
Enroll user's certificates for another user on the same machine
If I'm logged in as a normal user, how can I download/enroll user's certificates for another user (on the same machine)? This can be done using runas command but can't figure out exactly.
- 91
5
votes
2
answers
2k
views
Using SSH pubkey with multiple certificates
I am using an SSH public key to connect to a number of servers. The servers use an SSH CA to manage authorized users. The basic concept is described here: https://www.digitalocean.com/community/...
- 473
5
votes
1
answer
2k
views
Can't import two p12/pfx client certificates into Chrome or Firefox
I have a website I want to use client authentication certificates with. This is just a personal website for myself and a handful of family/friends, so I created a CA to sign some certificates that I ...
- 151
4
votes
0
answers
5k
views
curl (and openssl) two way authentication always fails
Problem
I'm trying to use curl to send a POST request to a web service deployed on tomcat with host and client verification is required (two way authentication) but I always get the response 404 Not ...
- 235
4
votes
2
answers
3k
views
Require only specific client certificates in IIS
I am implementing a solution that requires client certificates. I'm using IIS 7.5 and ASP.Net 4 WCF services.
I've set the SSL Settings to Require SSL and require client certificates. Looks good so ...
- 398
3
votes
1
answer
295
views
How do I obtain a trusted, signed, client certificate for use with an FTPS site in IIS and tied to a Windows user?
I've been asked by a third party to setup an FTPS site for them to connect to.
I am doing this on IIS 10.
It is required that the third-party client uses a client certificate which is tied to the FTP ...
3
votes
1
answer
1k
views
P12 Certificate Authentication - what is the correct method
I've been able to successfully set up an IKEv2/IPSec VPN Server using certificate authentication. However, I have a general issue regarding the correct method of creating P12 user certificates.
I've ...
- 61
3
votes
1
answer
19k
views
RDP with client authentication via a certificate or a key file
I'm planning to set up secure WAN-accessible RDP to my personal computer (Windows 10, not Windows Server, since it's just a workstation).
The plan is:
Forward the RDP and Wake-on-LAN ports to my ...
- 134
3
votes
2
answers
6k
views
Curl won't prompt me for a certificate password
I'm trying to use CURL to test simple HTTPS connections to servers that require a client certificate. I've specified the certificate type in my .curlrc file with cert = /path/to/Cert.p12 and told it ...
- 1,620
3
votes
1
answer
3k
views
Safari forces user to select client certificate even if it is optional
This question is loosely related to another one:
IIS7.5 SSL Question, Safari users get a prompt of certificate to select, but since it was asked more than a year ago I thought that there may be some ...
- 131
2
votes
1
answer
120
views
User name for an existing SSH certificate?
On a Jenkins server, there are two pairs SSH private and public keys in the ~/.ssh/ directory which apparently are both used to authenticate with the same external server. However, I don't know which ...
- 706
2
votes
1
answer
1k
views
Can I create client certificates from a server certificate that I buy from a certificate authority?
If i buy a certificate from Godaddy or a trusted certificate authority for my website. let's say example.com and i want to issue client certificates so i can validate certificates of clients ...
- 25
2
votes
1
answer
3k
views
Mac OS X Yosemite and Client SSL Certificates
Ever since I upgraded from Mavericks to Yosemite, my SSL Client Certificates have stopped working in certain places. They still work in web browsers and in wget, but they have stopped working in curl ...
- 2,016
1
vote
1
answer
5k
views
Can't S/MIME sign using OpenSSL even if "verify" suceeds
I have a client certificate in Chrome, that I used for logging into StartSSL. I exported it using pk12util to certfile.p12. Now I want to use it for signing with S/MIME.
I converted the p12 file to ...
- 2,296
1
vote
1
answer
1k
views
Generate certificate without Basic constraints
A business partner requires a client certificate, to be able to access some of their API's.
I generated a cert with OpenSSL, using the command:
openssl req -x509 -newkey rsa:4096 -keyout mykey.pem -...
- 113
1
vote
2
answers
638
views
apache SSL configuration using trusted certificates
It's my first time I'm dealing with SSL, I'd like to know, if I got this right or not.
I create selfsigned Client-Certificates with a self created CA my-own-CA.crt.
When I buy a Server-Certificate of ...
- 183
1
vote
1
answer
7k
views
How to install a client certificate for a service account
I'm building an application that needs to access a third-party webservice, for which I have a client certificate. This works if I run the application from my own account, but eventually, the ...
- 2,987
1
vote
1
answer
3k
views
IIS SSL Settings - Require client certificates and self-signed certificates
I am having a little challenge understanding digital certificates and ssl. In IIS SSL Settings for my website I am setting my website to require client certificates.
I am using a self-signed ...
- 515
1
vote
1
answer
12k
views
Firefox, "Secure Connection Failed" and client certificate
I have a client certificate for Satrtcom. I'm trying to authenticate to their service, but I'm receiving a "Secure Connection Failed" error with error code ssl_error_handshake_failure_alert:
The ...
- 12.2k
1
vote
1
answer
2k
views
IE - Personal Certificates - where does it read it from?
If I go to Internet Explorer Options -> Content Tab -> Certificates Button -> Personal Tab,
I see a list of certificates there - where does IE read from? Several of these certificates are different ...
- 583
1
vote
0
answers
217
views
Client authentication on Apache server doesn't work
I setup a simple Apache 2 server that uses a secure HTTPS connection. I created my own self-signed Root-CA-certificate and Sub-CA-certificate to create the server certificate and installed that on the ...
- 13
1
vote
1
answer
359
views
Intermittent TLS SecureChannelFailure with client certificates
I have an F5 load-balanced API which calls out to external API's, some of which require mutual ("two way" / client) SSL.
For months things work fine, but from time-to-time requests (to the external ...
- 11
1
vote
0
answers
917
views
How to avoid java Security Information popup?
Problem - Java security information popup appears when applet based application loads in the browser.
When I check "Always trust content from the publisher" and click run, the application runs and ...
- 123
1
vote
0
answers
752
views
Certificate Request and the certificate available in store not matching
I am trying to connect to a third party API which have a mutual TLS authentication setup enabled. So I am supposed to install my client certificates inside my key store and send it on TLS handshake ...
- 155
1
vote
1
answer
6k
views
Tracking removal of client certificates
I connect to some remote web services that require a client certificate for authentication. Using certain tools (eg. SOAPUI), I can specify the certificate directly, but when doing quick requests to ...
- 2,617
1
vote
2
answers
7k
views
Windows 10 doesn't auto connect to network until I login after a restart
I have a Windows 10 laptop that is configured to connect to corporate BYOD (bring your own device) network. First time you connect to open guest network. Then from a web page, you download an ...
- 11
1
vote
0
answers
113
views
How to get domain name of laptop
I need to create a certificate signing request to get a certificate from a CA for my laptop:
openssl req -subj "/CN=<my common name>" -new -key client-key.pem -out client.csr
In order to ...
1
vote
0
answers
222
views
tomcat6 with crl doesn't load
I have a new tomcat6.0.34 setup I'm configuring on my CentOS 6.3 (64 bit). I've downloaded a series of CRLs for the certificate authorities I am using, converted them from DER to PEM with openssl:
...
- 11
1
vote
2
answers
7k
views
How to export User cert with private key in PKCS12 format
I'm running Win2008R2, and have installed an Enterprise CA. I can create user certs, but no matter what I do, I cannot export the private key. I'm using the un-touched User certificate template, and ...
- 115
0
votes
1
answer
3k
views
FTPS client certificate authentication
I'm installing FTPS server on debian with certificate-based authentication. I've set up ProFTPd and configured it to use TLS and a certificate (for testing purposed I use a self-signed one).
Now I'd ...
- 785
0
votes
1
answer
1k
views
Can't install client certificate on different device?
I setup a simple Apache 2 server and enabled a secure SSL connection. I used my own self-signed Root-CA-Certificate to create a Sub-CA and used that one to create the server certificate that is ...
- 13
0
votes
0
answers
117
views
Client Side Cannot Find Client Cert in TLS Mutual Authentication
This is a windows .NET application. Am working on the client side. Increased SSChannel logging and discovered ... .
Creating a TLS client credential.
The remote server has requested TLS client ...
0
votes
0
answers
142
views
Force Chrome to show certificate selection dialog in Ubuntu
Some sites (e.g,
https://www.sede.fnmt.gob.es/certificados/persona-fisica/verificar-estado/solicitar-verificacion) require the selection of a local certificate. Chrome, once you select one of the ...
- 101
0
votes
0
answers
636
views
Is it possible to use SSL client certificate authentication with client programs that do not specifically accommodate them?
I have set up a webserver with several self-hosted apps for my personal use. In order to make sure that I am the only person who can connect to my server, I have generated client authentication ...
- 328
0
votes
2
answers
10k
views
Imported certificates go to other people windows 10
Edit: 27/04/2020
We came to the conclusion that the certificate stopped working as it does not work anymore on the old system either. So we keep working on "corrupted" certificates that may never ...
- 334
0
votes
0
answers
21
views
Renewed RootCA doesn't verify child certs
So i have a self signed rootCA which is expiring soon, so i created a new csr with updated info about the cert and company but im still using the same private key.
I create the new rootCA and install ...
0
votes
0
answers
325
views
Using a machine certificate for SSL client authentication
Assuming a web site enforces SSL client authentication and the client machine (running Windows) is equipped with a certificate which the server accepts for that purpose. The certificate resides in the ...
- 1,100
0
votes
0
answers
337
views
Smartcard Client SLL Firefox no selection
I'm trying for days now to setup client ssl with apache and firefox using my hsm smartcard.
I generated one certificate for every page I'm trying to set up. The smartcard shows up in firefox and ...
- 13
0
votes
1
answer
166
views
EAP TLS encryption security
Is there any different between "EAP-TLS under PEAP" and "EAP-TLS only"?
Is "EAP-TLS under PEAP" more secure compared to "EAP-TLS only"? As in PEAP, we are not able to see the actual certificate ...
- 143
0
votes
2
answers
5k
views
How do I configure sssd to authenticate against LDAP using client certificates / SASL EXTERNAL
I have a need to configure various Ubuntu Trusty machines using sssd against a 389ds server that expects to be bound to using a binddn selected automatically via a client certificate mapping.
I have ...
- 581
0
votes
1
answer
173
views
Firefox Smartcard Certificate Import error
I recently bought myself a Smartcard-HSM (which is of importance here because it doesn't allow export or import of private keys).
Now I've used the "famous" XCA application to create a small CA on ...
- 223
0
votes
1
answer
175
views
E-mail certificate issue
I guess I'm just a compete idiot and can't overcome simple problems, shame shame shame. However, I am trying to put a simple scenario together:
box A (Windows 7) and box B (Windows 8 inside a virtual ...
- 369
-1
votes
1
answer
482
views
Where can I get a X509 certificate with my email address embedded and nonRepudiation and digitalSignature bits set? [closed]
I would like to buy a X.509 certificate for user authentication not for SSL. The certificate should have my email address in it and should have 2 bits set in KeyUsage extension:
nonRepudiation
...
- 567
-1
votes
1
answer
330
views
StartSSL Class 1 Client cert missing private key in Keychain Access?
I have been using Class 1 Client Certificates from StartSSL for a while now (in OS X to sign my emails via S/MIME). I went to renew yesterday and I received my new cert. However, I am unsure how to ...
- 669