Mutual TLS CERTIFICATE REQUIRED request wants the client to provide the machine certificate not any user certificates

Issue #3339 wontfix
Kevin Dyer created an issue

TLS request for CERTIFICATE REQUEST contains the CA found in the local machine certificate store. It does not match the CA found in the user certificate store.

Can CEF be configured to interrogate the Local Machine certificate store? Without providing the machine certificate the end user has to log in twice, once to the network and once to the application, before they can access the requested data.

Comments (2)

  1. Alex Maitland

    From a Chromium point of view I believe this is by design and CEF inherits the same behaviour. There’s a fairly in-depth article at https://jpassing.com/2021/09/27/do-browsers-use-client-certificates-to-authenticate-the-user-the-device-or-both/ (make sure to read the takeaway at the bottom).

    I’m not aware of any configuration options for this behaviour (perhaps Marshall knows of something I'm not aware of).

    Chromium would need to add support for this or you’d need to patch Chromium yourself and build your own custom version of CEF.

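The mismatch described in this issue can be reproduced offline. The following is an added example, not code from the issue thread, CEF or Chromium: it parses the `certificate_authorities` list of a CertificateRequest body and shows which certificate store holds a certificate from a requested issuer. Assumptions: the TLS 1.2 message layout (RFC 5246, section 7.4.4), byte-for-byte comparison of DER names, and constructed CA names, store contents and certificate labels.

```python
import struct

def der_dn(cn: str) -> bytes:
    """Constructed sample data: a minimal DER Name holding one commonName."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val  # short-form lengths only
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def build_request(ca_names: list) -> bytes:
    """Constructed sample body: types=[rsa_sign], sig algs=[sha256+rsa], then CAs."""
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return b"\x01\x01" + b"\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas

def parse_certificate_authorities(body: bytes) -> list:
    """Return the DER DistinguishedNames listed in certificate_authorities."""
    try:
        pos = 1 + body[0]                                   # skip certificate_types
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # skip signature algorithms
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if end != len(body):
            raise ValueError("certificate_authorities length does not match body")
        names = []
        while pos < end:
            n = struct.unpack_from("!H", body, pos)[0]
            pos += 2
            if n == 0 or pos + n > end:
                raise ValueError("bad DistinguishedName length")
            names.append(body[pos:pos + n])
            pos += n
        return names
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated CertificateRequest") from exc

def match_by_store(body: bytes, stores: dict) -> dict:
    """Per store, list the certificates whose issuer the server would accept."""
    acceptable = set(parse_certificate_authorities(body))
    # An empty list means the server names no CA, so any certificate may be sent.
    return {store: [label for label, issuer in certs
                    if not acceptable or issuer in acceptable]
            for store, certs in stores.items()}

MACHINE_CA, USER_CA = der_dn("Example Machine CA"), der_dn("Example User CA")
STORES = {"CurrentUser\\My": [("alice-user-cert", USER_CA)],   # constructed entries
          "LocalMachine\\My": [("host01-machine-cert", MACHINE_CA)]}
SAMPLE_REQUEST = build_request([MACHINE_CA])

if __name__ == "__main__":
    print(match_by_store(SAMPLE_REQUEST, STORES))
```

With the sample request, only the `LocalMachine\My` entry matches, so a client that searches just the user store has nothing to offer.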