1
votes

I want to setup client authentication in a way that during TLS/SSL handshake when server asks the Browser for client certificate, the client certificate is retrieved from a remote Certificate Provider server application.

Is there any way to dictate the browser to use a program written in java/c++ for client certificate retrieval?

1

1 Answers

1
votes

You can't dictate browser directly. What you can do is implement a module (you'll need separate modules - a CSP module for CryptoAPI-based browsers like IE and wrappers and for Mozilla which uses PKCS#11) which will obtain certificates from remote location. The idea is that once the browser requests a certificate or certificate list from such module, the module reads information from your server.

Both modules must be installed by the user (CSP is installed to Windows and PKCS#11 driver is copied on the disk and then the browser is configured to use it), i.e. this is not automatic and can't be done by your site without user support.