What exactly is the task "Respond to requests requiring a client certificate" doing?

2 posts, 0 answers
  1. Blake
    Blake avatar
    1 posts
    Member since:
    Jul 2014

    Posted 02 Jul 2014 Link to this post

    So I have recently been struggling to get my .NET client working with mutual authentication. In the process of debugging with Fiddler, I noticed that if I make my public cert available to Fiddler, it adds it to the response I get from the server, and I am able to successfully complete my next request(instead of HTTP 401).

    So my question is, what is the purpose of this functionality? Has someone experienced something similar?
  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 07 Jul 2014 Link to this post

    Hi, Blake--

    Can you please elaborate on what exactly you're hoping to accomplish and what problem you're having?

    Client Certificates allow a client application to authenticate to a server over a HTTPS connection without using a traditional username/password. You can configure Fiddler to use a client certificate to respond to a server's authentication challenges; if you want to use Fiddler when contacting a HTTPS server that requires a client certificate, you MUST configure Fiddler with the client certificate because otherwise the authentication process will fail (mutual authentication breaks MITM attacks).

    I suspect you might really be saying: "My .NET code isn't working, but if I use Fiddler to do client certificate authentication it works fine. How can I fix my .NET code?" If that's the case, please share your code.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
Back to Top