We are creating a browser-based HTML5 application targeted for Android devices through the Chrome browser. Security is a chief concern and, beyond userid/password requirements, the company also desires to ensure each user has a proper SSL certificate installed before granting access.
Does this even make sense, and if so, can someone provide some resources where I can research this further?
I always thought the cert was stored on the server to secure a session between itself and a client. But I am not aware of the browser somehow providing an installed cert to a server that ensures it is a valid client.
SSL communications can involve certificates installed on both the client and server. An IIS website can be configured to require that a client-side certificate be installed.
Regarding Android, current versions do not support leveraging an installed client-side certificate through the browser. This thread is tracking this particular feature.
http://code.google.com/p/android/issues/detail?id=11231#c107
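
The two-sided certificate exchange described in the answer can be seen in a small self-contained program. This is an added example, not code from the thread: it uses Go's `crypto/tls` as a stand-in for IIS and the browser, and the names `ca.test`, `server.test` and `client.test` and all certificates are constructed in-process. The server is set to require a client certificate issued by a CA it trusts, so the same client is accepted when it presents one and rejected when it does not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert issues a constructed test certificate (nil parent = self-signed CA); errors ignored for brevity.
func newCert(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs one TLS handshake over an in-memory pipe and returns the server's verdict.
func handshake(ca, server tls.Certificate, client []tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	c, s := net.Pipe()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert})
	cli := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "server.test", Certificates: client})
	go func() { cli.Handshake(); cli.Read(make([]byte, 1)); c.Close() }() // keep reading so a server alert is delivered
	return srv.Handshake()
}

func demo() (withCert, withoutCert error) {
	ca := newCert("ca.test", nil)
	server, client := newCert("server.test", &ca), newCert("client.test", &ca)
	return handshake(ca, server, []tls.Certificate{client}), handshake(ca, server, nil)
}

func main() { fmt.Println(demo()) }
```

The client certificate check happens inside the TLS handshake, before any userid/password exchange, which is why it depends on the browser being able to present an installed certificate.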