I'm trying to use a RESTful web service in Adobe AIR. The service uses client-side certificates for authentication, thus I need to set the cert and private key used by AIR/ActionScript's URLRequest when connecting to this RESTful service.

Is setting the Cert/Private Key possible in Adobe AIR?

I did find some documentation from Adobe pertaining to adding to the SSL certificate store for AIR 1.5 on Linux, but I was hoping for a platform-independent solution.

+2  A: 

I couldn't find any way of doing this (well, not yet anyway).

Adobe uses the underlying OS certificate store. In Windows, this means the same one that IE (and Google Chrome) use.

The only solution I've come up with is to, under Linux, follow the instructions in the link you included, and for Windows, have the user download/install the client certificate via IE (and the server root CA as well, as we've a self-signed certificate for the organisation), then AIR uses those certificates.

This comes with some annoyances -

  1. Unless the user installs the root CA, they are asked to confirm the server's security certificate.
  2. The user will be asked to confirm the client certificate is used on every request to the server (and in a business application that does a lot of data requests, this makes it unusable). To work around this, the only way I've found is to have the user go into IE, go and enable Tools -> Internet Options -> Security -> Custom Level -> Miscellaneous -> "Don't prompt for client certificate selection when no certificate or only one certificate exists". This stops the constant requests (though of course, doesn't work if there is more than one certificate).
  3. Adobe AIR will still fail, with all of this though, unless the user also goes, in IE, to Tools -> Internet Options -> Advanced -> Security -> "Check for service certificate revocation*" and unchecks this. This is probably only necessary with self-signed server certificates for servers that don't support revocation, but I'm not sure.

Anyway, as you can see, it's all a horrible mess.

Jamie Love
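
The "only one certificate exists" condition in the answer above can be checked on a Windows client before relying on the no-prompt setting. The following is an added example, not part of the original answer; it assumes the client certificate was installed into the current user's Personal store, and it gives an upper bound, since Windows may narrow the list further using the CA names the server sends.

```powershell
# Added example (not from the original answer): list the certificates in the
# current user's Personal store that are usable for TLS client authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

$candidates = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
    # OIDs from the Enhanced Key Usage extension, if the certificate has one.
    $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    # A certificate without an EKU extension is valid for any purpose.
    ($ekus.Count -eq 0 -or $ekus -contains $clientAuthOid)
})

$candidates |
    Select-Object Subject, Issuer, Thumbprint, NotAfter |
    Format-Table -AutoSize

switch ($candidates.Count) {
    0       { Write-Warning 'No usable client certificate found in Cert:\CurrentUser\My.' }
    1       { Write-Output  'Exactly one candidate: the no-prompt setting can apply.' }
    default { Write-Warning "$($candidates.Count) candidates: the selection prompt will still appear." }
}
```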
A: 

So almost a year later ... it can be done in JavaScript, which may or may not be of some help, using the open source project Forge:

http://github.com/digitalbazaar/forge/blob/master/README

A WebID demo is currently using Forge to provide a client-side certificate as an authentication mechanism. It's just a demo, so the SSL certificates are self-signed:

https://webid.digitalbazaar.com/manage/

https://payswarm.com/webid-demo/

dlongley