I want to make a XHR call to a REST service using the ajax()
function of jQuery. Basically, this works fine, but the REST service is only accessible by https, a
Client-certificate authentication is (a) only performed upon request by the server and (b) done transparently by the browser, as far as the HTTP and JavaScript layers are concerned.
When the server requests a client certificate (which may entail a re-negotiation following an HTTP request), the browser should offer a pop-up to select a certificate (which is browser-dependent and not under any JavaScript or HTML control) or select one automatically depending on its settings.
As such, it's not up to jQuery's ajax()
function to do anything about the client certificate.
Off the top of my head, I'm not sure whether the browser will trigger the client-certificate selection pop-up if it only occurs at first during that AJAX call (this is likely to be browser dependent). However, if the client-certificate selection has already been made (or if the choice is automatic), the browser will use it for authentication, as it would for any other normal request.
It's possible to make ssl ajax calls if the request source and target are in the same domain and using https: Securing AJAX & SSL. But you can't make an ssl authentication within your ajax call.