client-certificates

I have a web server that is configured to request a client certificate for SSL. If the client has an acceptable certificate they will see the actual content, but in case do not, I fall back to SSL without client authentication and show an error page that informs them to connect their security token and try again. The problem is, even when they connect their token, the browser will not renegotiate a new SSL session because it thinks that the current session is fine. So I need a way to invalidate the current SSL session. I tried to do it on the server, which is a Tomcat 6: response.setHeader(

I've got a web site that uses SSL Client certificate authorization. All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL warehouse as IE, so certificate installation was pretty easy (click-click-password-done!). After last update of Google "Chrome 29.0.1547.57 m" noone can access my web-server, even me. Google chrome error only! IE and FF working fine. Error is: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Same in server error log. Do you have any suggestions? The problem

Facing a really strange issue X509Certificate2.Verify() returning false for a valid certificate. Maybe some has already faced this strange scenario before and can shine some light on it. I am using openssl to generate client certificates for testing purposes. I create a Root CA and generate a client certificate based on that Root CA and add the Root CA to its chain. I load the Root CA and the Client Cert to the local certificate store and it seems ok there but when I load it from my NUnit code to test X509Certificate2.Verify() always returns false. Here is the code to load the Cert from the

I have a specific application that requires the use of client certificates for mutual authentication of HTTPS requests. The server has a flexible certificate validation policy that allows it to accept self-signed client certificates that are not present in the server's certificate store. This is known to work just fine using curl as a client. What I've determined via testing and packet sniffing is that Microsoft's ASP.NET HttpClient tries to be overly smart during the SSL handshake. This particular client will only use a client certificate (from the WebRequestHandler.ClientCertificates

I'm looking for a way to clear the SSL client certificate cache in Firefox as a kind of "log out" functionality so that the server does not recognize me anymore via the client certificate the next time I connect to it. The solution from clear-ssl-client-certificate-state-from-javascript if (window.crypto) window.crypto.logout(); does not work anymore in the current version of Firefox. With firefox 33.0.2 the Proprietary window.crypto properties/functions are removed How can I do this in the current Firefox version? You can enable window.crypto by setting dom.webcrypto.enabled = true in about