Hi,

I was wondering if any of you know if it is possible in JavaScript or PHP to test if a client has a specific client certificate installed in the browser.

The thing is that we have a server certificate installed, but to be recognized by the clients, they need 2 client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these 2 certificates; if they are not there, we want to propose that the client download them before entering HTTPS mode...

Can anybody help? Please detail your answer if you know one.

A: 

Forcing your users to download and install a homegrown CA certificate is ugly and hateful. Instead, show them the love and pay the $30 US to get an SSL certificate signed by a reputable, already trusted, CA.

GregS
Well... We are using a trusted certificate, but the company recently changed their CA and we have already paid them for this server certificate, so we would like to use it. Since they have a new root CA authority certificate, browsers that are not up to date don't know it. We all know that people don't update their browsers often... and Safari and Firefox don't work via Windows Update... So we are trying to find a solution. But for sure, we are really not happy with this change, nor with our SSL certificate provider. Too bad, it was a fair price and recognized by all browsers at the start...
Fabien
Our server certificate is a wildcard certificate and is much more than $30 :)
Fabien
Still, I agree with you, it is a shit procedure to make people download and install a root CA authority certificate... This should not happen. We are not lucky.
Fabien
Only Internet Explorer seems to recognize it, and I am not even sure.
Fabien
Therefore the problem remains. It is curious that nothing seems to have been done to be able to test the list of installed certificates from a client browser without already being in SSL... Interesting problem, isn't it?
Fabien
I don't think there is a neat JavaScript solution. Each platform, Windows, Firefox, Java, Safari, Opera, etc. does it differently, so it is a tough problem. Go with a CA common to all those platforms.
GregS
If they changed their root CA and browsers don't recognise it, then request a refund. They broke the certificate, not you. Then go to a reputable company and get a new certificate. All other options are prone to serious issues and make you look like a shonky business.
DeveloperChris
Actually, I think I know the CA (IPS Servidores) and their roots expired. I don't know if they pointed this fact out to their customers, but there is at least a small element of caveat emptor since this fact was detectable just by examining the roots in question.
GregS
A: 

What about a warning message that will be hidden by JavaScript which will be loaded from your HTTPS site?

In the warning message you can link to the Windows Update site or wherever the updated root certificates can be downloaded to their browser.

KARASZI István
A: 

PHP is a server-side language. If you really want to test this then you need to do it with JavaScript and then send back an AJAX request to PHP.

But I think there is another solution to your problem. Normally when a CA changes their name etc., they usually have new "Intermediate Certificates" you can use. (If you have an Apache httpd server then you can search for "ca bundle" on their website as well.) With this bundle you can send the new CA certificate along with your certificate.

Raffael Luthiger
+1  A: 

You can do it client-side by using JavaScript to request a known file from a secured (HTTPS) source. If the request fails, then it means the client refused to accept your certificate (or another network error occurred). At this point you could pop up a message to ask the user to install the root certificate, with a link to the root certificate.

This must be done from a non-secure page. Otherwise the user may refuse your certificate and never load the page to start with, and therefore your JavaScript never runs.

It can't be done in PHP because PHP (which is server-side) cannot determine whether the client browser has a particular root CA installed.

I, however, would not do this. Get a proper certificate instead.

You appear to have insufficient understanding of how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.

DC

To learn about sending and receiving HTTP responses with JavaScript, read this page:

http://www.w3schools.com/XML/xml_http.asp

It can be used to send and receive any text data, not just XML. It is really easy to implement, but you must be aware of browser version issues.

DC

DeveloperChris
I confirm I have a bad knowledge of how SSL works. There are so many technologies on the internet that you can't know and be specialised in everything; that's why I asked for help. Since then, we have decided, as a solution, to put a non-HTTPS page on our web site, explaining that there is a need to install new certificates before proceeding to the next secure page. It's not very nice, but it is the only thing we found to solve our problem... About your solution, I wonder how you request a file via JavaScript... Is there any download function? Do you use document.location? The question is just for information purposes.
Fabien
I have updated my answer to include a link to using JavaScript to load a file from the server. This is the basis for most AJAX functionality.
DeveloperChris
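
The probe described in DeveloperChris's answer, as an added example that is not part of the original thread: a script on the plain-HTTP page requests a small file over HTTPS and shows a notice if that fails. It uses `fetch` instead of the XMLHttpRequest approach linked in the answer; `PROBE_URL`, the `https-notice` element id and the function names are hypothetical.

```javascript
// Added example (not from the thread). Runs in a browser or in Node 18+.
// PROBE_URL is a hypothetical placeholder for a small static file on the HTTPS host.
const PROBE_URL = "https://secure.example.com/probe.txt";

// Resolves to { reachable, reason }. fetchImpl is injectable so the logic
// can be exercised without a network.
async function probeHttps(url, { fetchImpl = globalThis.fetch, timeoutMs = 5000 } = {}) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    // no-cors: the page is on another origin (http vs https), and we only need
    // to know that the handshake and request completed; the body is never read.
    await fetchImpl(url, { mode: "no-cors", cache: "no-store", signal: controller.signal });
    return { reachable: true, reason: "ok" };
  } catch (err) {
    // Script is not told why a request failed: an untrusted chain, a DNS
    // failure and an offline client all surface as the same generic error.
    const reason = err && err.name === "AbortError" ? "timeout" : "tls-or-network";
    return { reachable: false, reason };
  } finally {
    clearTimeout(timer);
  }
}

// Wording stays neutral because the cause cannot be determined from script.
function noticeFor(result) {
  if (result.reachable) return null;
  return result.reason === "timeout"
    ? "The secure site did not answer in time. Check your connection and retry."
    : "Your browser could not open a secure connection to this site. " +
      "Its list of trusted root certificates may be out of date.";
}

// Browser wiring: reveal a pre-rendered, hidden notice element on failure.
if (typeof document !== "undefined") {
  probeHttps(PROBE_URL).then((result) => {
    const box = document.getElementById("https-notice"); // hypothetical element id
    const text = noticeFor(result);
    if (box && text) {
      box.textContent = text;
      box.hidden = false;
    }
  });
}
```

A failed probe is only a hint, for the reason the answer gives: a network error looks the same as a rejected certificate.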