
Pass client certificate for 2-way SSL authentication when using Import?

Is it possible to pass a client certificate along with an Import request for a URL? I need to access a PKI-authenticated API.

POSTED BY: Daniel Cox
4 Replies

I ended up using a client proxy to handle mutual TLS, https://github.com/square/ghostunnel, which works for experimental purposes. For production software I would need an inbuilt solution.

POSTED BY: Daniel Cox

By the way, client certificate verification is how you allow authentication to a website by smart card. The user's certificates are only unlocked on their machine when their smart card is plugged in, allowing the browser access to them to pass to the server over SSL/TLS. Then the web server can extract cryptographically verified user identity information from the certificate and authenticate the user.

It's not common, but it's important when it comes up.

POSTED BY: Daniel Cox

Thanks for responding, Chad.

I've had a look, but wasn't able to find anything in there that would allow me to pass the client certificate. One problem here is that the client certificate actually needs to be passed during the SSL tunnel negotiation, not during the HTTP request itself. In other languages this usually involves explicitly setting up an SSL context to replace the default one during a request. It's rarely pretty. :)

POSTED BY: Daniel Cox
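
What "explicitly setting up an SSL context" looks like in Python's standard library, as an added example that is not part of the original posts. The function names, file paths and URL are hypothetical; the client certificate is attached to the TLS context, so it is presented during the handshake rather than in the HTTP request.

```python
import ssl
import sys
import urllib.request


def verifying_context(ca_bundle=None):
    """Client-side TLS context that still verifies the server certificate and hostname."""
    # With ca_bundle=None the system trust store is used; pass a PEM file for a private PKI.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def with_client_identity(ctx, cert_file, key_file, key_password=None):
    """Attach the client certificate and private key to the context.

    The certificate is sent when the server asks for one during the TLS
    handshake, before any HTTP request line or header is transmitted.
    """
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file, password=key_password)
    return ctx


def fetch(url, ctx, timeout=10):
    """Issue a GET through an opener whose HTTPS handler uses ctx instead of the default."""
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))
    with opener.open(url, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Hypothetical usage: python mtls_get.py https://api.example.internal/ client.pem client.key ca.pem
    url, cert, key, ca = sys.argv[1:5]
    try:
        ctx = with_client_identity(verifying_context(ca), cert, key)
        status, body = fetch(url, ctx)
        print(status, len(body), "bytes")
    except ssl.SSLError as exc:
        # Raised for an unusable key/cert pair or a handshake the server rejected.
        print("TLS failure:", exc, file=sys.stderr)
        sys.exit(1)
```
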

I've not done this myself, but I suggest taking a look at the documentation page for HTTPRequest. This function allows for specifying parameters, headers, request type, and so on (similar to curl). Wrap this with URLRead (or URLExecute) to actually send the request.

POSTED BY: Chad Knutson