client-certificates

How to debug ssl handshake, preferably with curl? I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send. Thanks in advance Christian Davén I have used this command to troubleshoot client certificate negotiation: openssl s_client -connect www.test.com:443 -prexit The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client

I'd like to have secure communication between my Android/iOS app and my Internet-accessible backend service, so I'm investigating HTTPS/SSL. If I create self-signed certificates, then put a client certificate in the app and cause the backend service to require that client certificate, is this truly secure ? Here's why I'm asking. It seems that the client certificate could be "hacked" by interrogating the .apk. The client certificate is just a string constant, right? That means anyone could use the client certificate to access my backend. Is the .apk (and iOS equivalent) sufficiently opaque to

i want to consume a REST service with my spring application. To access that service i have a client certificate (self signed and in .jks format) for authorization. What is the proper way to authenticate against the rest service? This is my request: public List<Info> getInfo() throws RestClientException, URISyntaxException { HttpEntity<?> httpEntity = new HttpEntity<>(null, new HttpHeaders()); ResponseEntity<Info[]> resp = restOperations.exchange( new URI(BASE_URL + "/Info"), HttpMethod.GET, httpEntity, Info[].class); return Arrays.asList(resp.getBody()); } Here is example how to do this using

Our customers want to use an MDM (mobile device management) solution (MobileIron) to install client certificates onto corporate iOS devices, in order to limit access to certain corporate web services to corporate devices only. MobileIron installs the client certificate into Settings > General > Profiles , which is the default location for certificates in iOS, and Safari can respond with this certificate when a corporate web service challenges it for one. But I need the same thing to happen from within a custom app. When our app gets challenged for a certificate, I need to be able to respond

I'm using Windows Server 2012 and IIS 8.5. I've set SSL for the website and the SSL Settings are: Require Required and Require Client Certificates. The client certificate that I'm sending to the server has been issued by a self-signed authority (let's called it MyCompany CA). MyCompany CA certificate has been successfully installed in the Local Computer Account - Trusted Root Certification Authorities. It's expiration date is 2039, so is the client certificate expiration date. However, with all this setup, I'm getting an error 403.16 as result. I've enabled Failed Request Tracing Rules and

I am trying to configure an IIS website to require SSL client certificates. The website is set up in both IIS 6 and 7, though I am more interested in making it work for 7. I set the require client certificates property in IIS and it works fine when accessing the site through a web browser, but a Java-based client is having trouble accessing it. I believe the problem is that IIS does not request a client certificate during the initial SSL handshake. Instead it negotiates a normal SSL connection, checks to see if the resource requires client certificates, and if it does it then initiates a new