Testing if a client certificat is installed in the client browser

I was wondering if any of you know if it is possible in javascript or php to test if a client开发者_如何转开发 has a specific client certificate installed in the browser.

The thing is that we have a server certificate installed but to be recognized by the clients, they need 2 client certificates that make them recognize the authority of the issuer of our server certificate. We would like to test the browser for these 2 certificates, if there are not there, we want to propose the client to download them before to enter in https mode...

Anybody can help? Please detail your answer if you know one.

You can do it client side by using javascript to request a known file from a secured (https) source. if the request fails then it means the client refused to accept your certificate (or another network error) at this point you could popup a message to ask the user to install the root certificate with a link to the root certificate.

This must be done from a non secure page. otherwise the user may refuse your certificate and never load the page to start with and therefore your javascript never runs

It can't be done in PHP because php (which is server side) cannot determine whether the client browser has a particular root ca installed

I however would not do this. get a proper certificate instead.

You appear to have insufficient understanding of how SSL works in general. I suggest spending some time understanding how SSL works and how certificates are used.

DC

to learn about sending and receiving http responses with javascript read this page..

http://www.w3schools.com/XML/xml_http.asp

It can be used to send and receive any text data, not just xml. It is real easy to implement but you must be aware of browser version issues.

DC

what about a warning message that will be hidden by a javascript which will be loaded from your https site.

in the warning message you can link the windows update site or wherever the updated root certifcates can be downloaded to their browser.

PHP is a server side language. If you really want to test this then you need to do it with JavaScript and then send back an AJAX request to PHP.

But I think there is another solution to your problem. Normally when a CA change their name etc. they have usually new "Intermediate Certificates" you can use. (If you have an apache httpd server then you can search for "ca bundle" on their website as well.) With this bundle you can send the new CA certificate along with your certificate.

Forcing your users to download and install a homegrown CA certificate is ugly and hateful. Instead, show them the love and pay the $30 US to get an SSL certificate signed by a reputable, already trusted, CA.