Testing if a client certificate is installed in a client browser

Question

Testing if a client certificate is installed in a client browser

I was interested to know if any of you know whether it is possible in javascript or php to check if the client is installed in the client certificate installed in the browser.

The fact is that we have a server certificate installed, but it is recognized by clients, they need two client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these two certificates, if they are not there, we want to offer the client to download them before entering https mode ...

Can anybody help? Please provide your answer if you know it.

+7

php certificate ssl

Fabien Jan 4 '10 at 13:41

source share

4 answers

Developerchris · Answer 1 · 2010-02-22T00:11:20+0000

You can do this on the client side using javascript to request a known file from a secure (https) source. if the request fails, it means that the client refused to accept your certificate (or other network error), at this point you can display a message to ask the user to install the root certificate with a link to the root certificate.

This must be done from an insecure page. otherwise the user can refuse your certificate and never load the page to start, and therefore your javascript never starts

This cannot be done in PHP because php (server-side) cannot determine if a client browser with a specific root is installed.

I would not do that. get the correct certificate instead.

It seems that you do not understand enough how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.

DC

to learn about sending and receiving HTTP responses using javascript, read this page.

http://www.w3schools.com/XML/xml_http.asp

It can be used to send and receive any text data, and not just for xml. This is very easy to implement, but you should be aware of problems with the browser version.

DC

KARASZI István · Answer 2 · 2010-01-26T08:46:02+0000

how about a warning message that javascript will be hidden that will be downloaded from your https site.

in a warning message, you can link the Windows update site or wherever updated root certificates can be downloaded to their browser.

Raffael luthiger · Answer 3 · 2010-02-13T14:15:01+0000

PHP is a server language. If you really want to verify this, you need to do it using JavaScript, and then send the AJAX request to PHP.

But I think there is another solution to your problem. Usually, when a CA changes its name, etc., they usually have new “intermediate certificates” that you can use. (If you have an apache httpd server, you can also search for “ca bundle” on your website.) With this package, you can send a new CA certificate along with your certificate.

James k polk · Answer 4 · 2010-01-04T15:11:34+0000

Forcing users to download and install a home CA certificate is ugly and hateful. Instead, show them love and pay $ 30 to get an SSL certificate signed by a reputable, already trusted CA.

Testing if a client certificate is installed in a client browser

More articles: