Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Client certificate authentication in Flutter/Dart languege

I am fairly new in certificates world. I decided to create an application that is obligated to use a certificate to access the API.

I created a self-signed CA certificate, SSL Certificate and a client certificate. I imported them into Windows Server and configured IIS properly. I am able to make a request with clientcertificate.pfx file to API from browser (Google Chrome). The pfx certificate is imported to personal user store via MMC. To create pfx file I used .cert and .pvk files.

So far so good.

Now I am trying to make a request from dart and don't know what files I should send to API. Should I send the pfx file? Or maybe .cert and .pvk files? Have you ever done it guys? Could someone help me a bit with understanding this proccess? I have already read a lot of websites but still didn't find answers. In mobile development world I am totally new too.

like image 267
tylkonachwile Avatar asked Oct 18 '25 10:10

tylkonachwile


1 Answers

Dart's HttpClient can take a SecurityContext.

To add a custom trusted certificate authority, or to send a client certificate to servers that request one, pass a SecurityContext object as the optional context argument to the HttpClient constructor. The desired security options can be set on the SecurityContext object.

Store your PKCS12 client keystore (the pfx file) somewhere in your app, probably as an asset, and load it on startup. Create a SecurityContext and then call both useCertificateChainBytes and usePrivateKeyBytes passing the same values to both (the pfx file's contents and password).

Use that SecurityContext as the context of your HttpClient.

like image 57
Richard Heap Avatar answered Oct 20 '25 15:10

Richard Heap



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!