Questions tagged [client-certificate]

A certificate which authenticates a client or user towards a server or service.

Client certificates are commonly used to authenticate towards a service (e.g. website, VPN). They can be part of two-factor authentication.

37 questions
0
votes
0 answers

Deployed certificate to Personal store using GPO

I am trying to find a user GPO to install a certificate in the personal store (this is a browser certificate and if installed in other stores it won't work so it has to be installed in the Personal store). I found a couple of GPOs but apparently…
0
votes
1 answer

OCSP client certificate validation

For a home automation project I have created an API (written in ASP.NET so hosted in IIS) and written my own Android app to communicate with this API. To prevent people from accessing specific endpoints in this API, I want to protect the endpoints…
Roel
0
votes
0 answers

apache/php not getting client certificates

We wanted to use client certificates in browsers for some of our users for machine identification. I set up a CA and signed a client certificate which I installed in Chrome. Then I set the following in Apache: SSLCACertificateFile…
0
votes
0 answers

Is there a way to configure IIS to tell us we received an untrusted client certificate?

We have a Web API endpoint configured to allow, but not require, client certificates. We're logging the certificate we receive, then checking to make sure it is what we expect, logging the result, and then either allowing access or returning…
jdege
0
votes
0 answers

Assigning third-party client certificates/keys to Active Directory users

In our organization, we have a number of third-party vendors that we must interact with using client certificates. We'd like to be able to assign certificates/keys to a particular Active Directory user, so that: Users don't have to know or care how…
3bh
0
votes
1 answer

Is a windows user really needed for IIS client certificate authorization, if so how to set this user's privileges?

I had originally posted this question in securitystackexchange, but I didn't get the answer I was expecting, and I see the topic can also fit here. I need to connect two servers in different locations in order for one of them (Linux stack) issues…
Juan
0
votes
1 answer

curl - SSL peer does not support certificates of the type it received

Trying to send a request with a client certificate to an Apache server, I have the following request and error: $ curl -X POST https://my-server.com/dummy/user -H 'Cache-Control: no-cache' -H 'Content-Type: application/json' -d…
Worp
0
votes
0 answers

How to debug ssl_client_verify = NONE while the client cert is supplied?

We've a nginx setup running on docker. nginx version: 1.13.11 openssl version 1.1.1 docker os image: Ubuntu 18.04.2 LTS docker container running on an aws ec2 instance running: 18.04.6 LTS (Bionic Beaver) In the nginx site config, we've specified…
skwokie
0
votes
1 answer

How to debug OpenSSL SSL_read: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0

We have a nginx setup with client certificate authentication running on docker, we are only using these ssl settings: ssl_protocols TLSv1.2; ssl_ciphers…
skwokie
0
votes
0 answers

How to permit only certain e-mail clients for IMAP access

My company is giving out new Android smartphones to employees, and they should be able to manage their e-mail on them. Currently, only access via webmail is enabled, but the mobile webmail client (Zimbra) is awkward and very feature-limited.…
Ben Opp
0
votes
0 answers

Configure Apache Server to Fetch and Cache CRL from CRL Distribution Point, Based on Client CRLDP extension

I have an Apache server with mod_ssl loaded. My server is configured to verify client certificates. The client certificates are issued by an internal CA. Client certificates contain the "CRL Distribution Point" x509 extension. The specified…
NG_
0
votes
0 answers

How do I preserve source IP with TLS PASSTHROUGH mode on an Istio ingress gateway

I have a pod that NEEDS to keep the client cert intact and terminate TLS at the pod level. For that reason, I’ve got to use TLS passthrough mode. However, I also need the source IP of the original packet origin. I can’t seem to get TPROXY working…
0
votes
1 answer

Can you create an mTLS connection while using an SSL Proxy?

I am using an SSL/TLS Proxy, meaning I have installed a CA on all my clients that allows me to break/decrypt their TLS connections. I’m trying to determine what would happen to an mTLS connection and if it would be possible for a client to establish…
0
votes
0 answers

NGINX Ingress Controller forwarded Certificate to Apache2 Extraction

On our k8s cluster we use NGINX Ingress Controller to request the clients (web-browsers) to provide a client certificate. If the certificate is valid, the request is proxied to a full-blown Apache Server inside the private network. The nginx <>…
0
votes
1 answer

IIS Client Certificate Authorization working locally but not remotely

I have been attempting to set up client cert authorization on an IIS endpoint. Following the tutorial at https://joji.me/en-us/blog/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates/ I created a root cert,…
Ralph