Add support for client certificate SSL authentication

Issue #1608 resolved
Marshall Greenblatt created an issue

Chrome supports loading of client certificates from the OS certificate store for the purposes of SSL authentication. CEF could support use of client certificates that have already been registered with the OS certificate store.

Client certificates in Chrome are handled via ResourceLoader::OnCertificateRequested and SSLClientAuthHandler.

Comments (15)

  1. Marshall Greenblatt reporter

    On Windows a client certificate (*.p12) can be installed by double-clicking on it in Windows Explorer and removed via Control Panel > Manage user certificates > Personal.

    On Mac OS X a client certificate (*.p12) can be installed by double-clicking on it in Finder and removed via Keychain Access.

    On Linux Chromium uses NSS and installation instructions are available here: https://code.google.com/p/chromium/wiki/LinuxCertManagement.

  2. John Mayhew

    So is there a delegate/interface the client app would implement to allow displaying UI to let the user choose a certificate? Or is this completely automatic somehow?

  3. Marshall Greenblatt reporter

    @jmayhew72 : The client certificate must be pre-installed using OS functions as described above. The selection is then completely automatic (it will use the first client certificate that matches).

  4. Marshall Greenblatt reporter

    Hi, it would be possible to have this feature merged to the 2171 branch?

    No, 2171 branch is too old.

  5. Adam Gross

    I have filed issue 1824 to track work needed for allowing the client app to optionally display a UI allowing the user to choose a certificate.

  6. sam007

    If I am not wrong, this will only select the first certificate from client certificate list, right?

    Referring to this line

  7. Log in to comment