All Questions
5 questions
3 votes, 1 answer, 3k views
How does client authentication work over https?
I recently wrote an application that calls out to a 3rd party service to perform some work. This 3rd party service requires that I authenticate the client calling by using a client certificate. For ...
1 vote, 2 answers, 389 views
Where can I find the specs for the X.509 certificate used in client-authenticated TLS handshake?
The TLS specs define how the handshake between client and server must be performed when the client wants to use a certificate to authenticate itself. There is a lot of documentation online that assumes ...
1 vote, 1 answer, 1k views
Impersonating Client Certificate Authentication with Same Subject Name
I am looking into the security of a service which uses client certificates for authenticating only known callers. We run a C# Web API Service that checks every request certificate subject if it is ...
4 votes, 2 answers, 24k views
How to identify which root CA does the client certificate use?
How can we identify which root CA the client used when there are multiple root CAs on the server?
We can compare the public keys of the client certificate and the root certificate but if we have many ...
14 votes, 2 answers, 19k views
Validating an SSL certificate chain according to RFC 5280: Am I understanding this correctly?
We're in the process of replacing certificates with SHA1 hash due to Google's move to let them appear less secure in Chrome. The replacement certificates use a different intermediate CA than the ones ...