Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there a way for a java web app to get information on the security certificates installed on one’s machine via a http request and selectively grant access if a particular certifiicate is installed on the machine.
Basically the requirement is, the web application should entertain request only from a company laptop else must deny access with appropriate error text.
(These could be win laptops with certain certifcates installed on their machine or they can be from a certain set of static ips.)
Yes, this is possible using HTTPS client certificates. The exact setup and configuration depends on your application server and specific requirements, but a common scenario woul be that you create a company internal CA (certification authority) to issue the client certificates which may be restricted to specific client IP addresses and configure your application server’s HTTPS connector to require a client certificate and to trust certificates issued by your own CA.
After the proper configuration has been done, the client certificate(s) is/are made available to the web application through a servlet request attribute: