
Handling the NeedClientCertificate Event Options
Sergey Gussak
Posted: Wednesday, September 25, 2019 8:29:39 PM
Rank: Newbie
Groups: Member

Joined: 3/19/2019
Posts: 1
The NeedClientCertificate event provides only the host name and port as parameters. How can I get the list of Distinguished CA names trusted by the server? This is part of the client certificate request sent by the server.

Also, do you have an example of how to handle the event properly in a browser context? That would include the following:

Upon receiving the Server Hello containing the Client Certificate request & list of Distinguished CA names, the client will perform the following steps:

1. The client uses the CA list available in the SERVER HELLO to determine the mutually trusted CA certificates.
2. The client will then determine the Client Certificates that have been issued by the mutually trusted Certification Authorities.
3. The client will then present the client certificate list to the user so that they can select a certificate to be sent to the user.

eo_support
Posted: Thursday, September 26, 2019 4:48:01 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,070
Hi,

We will add a TrustedAuthorities property to the NeedClientCertificateEventArgs class in our next build. Note that:

1. IIS by default does not send the CA name list. You can set the following registry key to instruct IIS to send this list.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendTrustedIssuerList=1

2. This property will be of type byte[][]. Each item is a byte array which is the distinguished name in DER encoded format. You will need an ASN.1 decoder to decode this byte string and extract whatever information you are interested in.

We do not have examples for searching for mutually trusted certificate authorities though. So you may want to search online for such code.

We will reply here again when the new build is available.

Thanks!
eo_support
Posted: Friday, October 11, 2019 1:12:56 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,070
Hi,

This is just to let you know that we have posted a new build that adds the NeedClientCertificateEventArgs.TrustedAuthorities property. You can download the new build from our download page. Please take a look and let us know how it goes.

Thanks!
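
One way to narrow the selection list using the DER-encoded names discussed in this thread, as an added example that is not EO's code and not part of the original posts. It assumes the client certificates live in the Windows CurrentUser\My store; the class and method names are hypothetical, and matching is a byte-exact comparison of the DER names, so a name encoded differently by the server will not match.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (added example): filters client certificates by the
// DER-encoded CA names the server sent, e.g. the byte[][] described above.
static class ClientCertificateFilter
{
    public static List<X509Certificate2> FindCandidates(byte[][] trustedAuthorities)
    {
        var candidates = new List<X509Certificate2>();
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (!cert.HasPrivateKey) continue; // cannot sign the TLS handshake
                if (cert.NotBefore > DateTime.Now || cert.NotAfter < DateTime.Now) continue;
                // An empty list means the server stated no CA preference
                // (RFC 5246, section 7.4.4), so every usable certificate qualifies.
                if (trustedAuthorities == null || trustedAuthorities.Length == 0 ||
                    ChainHasTrustedIssuer(cert, trustedAuthorities))
                    candidates.Add(cert);
            }
        }
        return candidates;
    }

    // True when any issuer in the certificate's chain (intermediate or root)
    // matches one of the names sent by the server.
    static bool ChainHasTrustedIssuer(X509Certificate2 cert, byte[][] trustedAuthorities)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no network lookups
            chain.Build(cert); // result ignored: only the assembled elements are needed
            foreach (X509ChainElement element in chain.ChainElements)
            {
                byte[] issuer = element.Certificate.IssuerName.RawData;
                if (trustedAuthorities.Any(ca => ca.SequenceEqual(issuer)))
                    return true;
            }
        }
        return false;
    }

    // Readable form of each DER name, for logging or a selection dialog.
    public static IEnumerable<string> DescribeAuthorities(byte[][] trustedAuthorities) =>
        trustedAuthorities.Select(der => new X500DistinguishedName(der).Name);
}
```

The returned list is what would be shown to the user for selection; the final choice should stay with the user rather than being made automatically when more than one certificate matches.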

