How do I support SSL Client Certificate authentication?

I want to do what myopenid does -- once you've logged, you can click a button that generates you an SSL certificate; the browser then downloads this certificate and stores it. When you later go back to yourid.myopenid.com, your browser can use its stored certificate for authentication so you don't ever need a password.

So my question is: what is required to get this working? How do I generate certificates? How do I validate them once they're presented back to me?

My stack is Rails on Apache using Passenger, but I'm not too particular.

asked Aug 26 '08 16:08 by James A. Rosen



2 Answers

You can generate a certificate in the client's browser using browser-specific code. See this question

You could also generate SSL client certs server-side using OpenSSL in Ruby (see this q). (This will work in any browser without browser-specific code, but your server will have generated the client's private key, which is not ideal for crypto purists.)

Whichever method you use to generate them, you will then need to configure your webserver to require the client certificates. See the Apache docs for an example.

answered Oct 20 '22 18:10 by Rich
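The two halves of this answer, issuing a client certificate server-side and then validating the one the browser presents, as an added Ruby example (not Rich's code or anything from the linked questions). It uses only Ruby's standard `openssl` library and assumes a private CA that the server keeps; `validate_client_cert` takes the PEM that a front-end such as Apache mod_ssl exposes to the application (the `SSL_CLIENT_CERT` variable when `SSLOptions +ExportCertData` is set) and returns the CN to treat as the user id, or `nil` on any failure. The user name "alice" and the CA names are constructed sample values.

```ruby
require 'openssl'

ONE_YEAR = 365 * 24 * 3600

# Create the server's private CA: a key plus a self-signed CA certificate.
# Only certificates chaining to this CA will be accepted at login time.
def make_ca(common_name: "Example Client CA")
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3, needed for extensions
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject           # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 10 * ONE_YEAR
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Issue a client certificate for one user. As the answer notes, the server
# generates the private key here, so the key must be handed to the user over
# a protected channel and not retained afterwards.
def issue_client_cert(ca_key, ca_cert, user_id:, serial:)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial                 # must be unique per CA
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{user_id}")
  cert.issuer     = ca_cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + ONE_YEAR
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = ca_cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "digitalSignature", true))
  cert.add_extension(ef.create_extension("extendedKeyUsage", "clientAuth", false))
  cert.sign(ca_key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Bundle key + certificate as password-protected PKCS#12, the format browsers import.
def to_pkcs12(key, cert, password)
  OpenSSL::PKCS12.create(password, "client cert", key, cert).to_der
end

# Validate a presented certificate: it must chain to our CA, be within its
# validity period, and be usable for TLS client auth. Returns the CN or nil.
def validate_client_cert(pem, ca_cert)
  cert  = OpenSSL::X509::Certificate.new(pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
  return nil unless store.verify(cert)
  cn = cert.subject.to_a.find { |name, _value, _type| name == "CN" }
  cn && cn[1]
rescue OpenSSL::X509::CertificateError
  nil   # not parseable as a certificate at all
end

if $PROGRAM_NAME == __FILE__
  ca_key, ca_cert = make_ca
  user_key, user_cert = issue_client_cert(ca_key, ca_cert, user_id: "alice", serial: 2)
  File.binwrite("alice.p12", to_pkcs12(user_key, user_cert, "change-me"))
  puts "presented cert maps to user: #{validate_client_cert(user_cert.to_pem, ca_cert).inspect}"
end
```

In a real deployment the web server does the TLS-level verification (`SSLVerifyClient require` against the CA certificate) before the request ever reaches Rails; the Ruby-side check is what ties the verified subject to an account, and it is also where you would consult your own revocation list, since a certificate handed out for a device that was later lost stays cryptographically valid until it expires.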


These are usually referred to as client side certificates.

I've not actually used it, but a modified version of restful-authentication can be found here that looks like what you're after.

I found this via Dr. Nic's post

answered Oct 20 '22 19:10 by russtbarnacle