Reputation: 183
passing the Client certificate over HTTP
We have use case where we need to pass the client Certificate and Key over Http. And this has to achieved in a single HTTP Request. Meaning, Client will send a HTTP GET and in HTTP response we need to send the clientCertificate and keys.
I tried making below tests,
I generated pem file to containing client Key and cert and set the content type of http reposne as "application/x-pem-file" [Result] : Mozilla and chrome are not understanding the mime type and its asking to save.
- if i use the mime type "application/x-x509-user-cert" , mozilla is interpreting mime type but throwing an error.
I am not sure how we can achieve this (passing client certs and keys to browser over HTTP). Kindly help us.
Thanks Pradeep
Upvotes: 3
Views: 6724
Answers (1)
Reputation: 46080
First you need to determine, which key you want to send. Private keys are almost never transmitted this way - that's a big security flaw. And if you send only public key - this one is already contained in the certificate.
Now canonical format for certificate is binary DER encoding. PEM and anything equally non-standard doesn't have a single chance to be recognized by the browser. I.e. what you can send and hope that it will be handled by the browser is binary DER certificate itself.
Upvotes: 1
Related Questions
- How do I pass the client certificate with HTTP client?
- How exactly TLS/SSL works regarding client certificate?
- Sending Client certificates in web browser
- Client Certificate Authentication in SSL Handshake
- SSL certificate for client
- Setting up client side certificate for mutual authentication
- HTTPS client - certificate
- Using a server-side certificate for client-side authentication
- Send client certificate to Server in Tcl
- Use Server Certificate As Client Certificate