
I'm interested in exploring the possibility of authenticating users using their Digital Certificate.

The methodology is to first register the DSC from the user and keep their public key along with the serial no., name, etc. Later, when the user selects the same DSC at the login page, some data is encrypted with their private key and transferred over the internet to the web application, which decrypts it using their registered public key (identifying the public key using the serial no. and name). The PC can then be authorized for a certain period using cookies.

Please guide.

r tanwar
  • I find the question a bit unclear. Are you asking how to implement this? Or are you asking if there are vulnerabilities in this model? – S.L. Barth Feb 03 '15 at 11:09
  • I'm asking how to correctly implement it. Has it been used anywhere? Code sample or anything will be helpful. – r tanwar Feb 05 '15 at 10:13
  • Too bad there are no answers because I have exactly the same question. – Jose Manuel Abarca Rodríguez May 11 '18 at 15:51
  • See https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326 for a good write-up on implementing user authentication using client certificates using node.js http server. – mti2935 Sep 02 '20 at 14:29
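
The flow described in the question, as an added example that is not part of the original thread: the server sends a random challenge, the client signs it with the certificate's private key, and the server verifies the signature with the public key saved at registration, rejecting replays and expired challenges. All function names, the serial `01A3` and the throwaway EC keys are constructed for illustration; validating the certificate chain and revocation status at registration is assumed to happen elsewhere.

```javascript
const crypto = require('crypto');

const registered = new Map(); // serial -> { name, publicKeyPem }, saved at registration
const pending = new Map();    // challenge id -> { serial, nonce, expires }

function register(serial, name, publicKeyPem) { registered.set(serial, { name, publicKeyPem }); }

// Server: issue a random, short-lived challenge for a registered certificate.
function issueChallenge(serial, now = Date.now()) {
  if (!registered.has(serial)) return null;
  const id = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(32);
  pending.set(id, { serial, nonce, expires: now + 60000 });
  return { id, nonce };
}

// Client: sign the nonce; the private key never leaves the user's machine.
const clientSign = (privateKeyPem, nonce) => crypto.sign('sha256', nonce, privateKeyPem);

// Server: verify with the registered key, once per challenge; on true, set the session cookie.
function verifyLogin(id, signature, now = Date.now()) {
  const ch = pending.get(id);
  pending.delete(id); // single use: a captured response cannot be replayed
  if (!ch || now > ch.expires) return false;
  const { publicKeyPem } = registered.get(ch.serial);
  return crypto.verify('sha256', ch.nonce, publicKeyPem, signature);
}

// Constructed sample data: throwaway EC keys stand in for the certificate's key pair.
function newKeyPair() {
  return crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

function demo() {
  const user = newKeyPair(), other = newKeyPair();
  register('01A3', 'Sample User', user.publicKey);
  const c1 = issueChallenge('01A3');
  const sig = clientSign(user.privateKey, c1.nonce);
  const ok = verifyLogin(c1.id, sig);       // genuine key, fresh challenge
  const replay = verifyLogin(c1.id, sig);   // same response sent a second time
  const c2 = issueChallenge('01A3');
  const wrongKey = verifyLogin(c2.id, clientSign(other.privateKey, c2.nonce));
  return { ok, replay, wrongKey };
}
```
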
