Answer the question
In order to leave comments, you need to log in
How to make a client certificate for authorization?
Good afternoon! I have a specialized software, this software has a WEB module on Windows IIS. For this module to work, SSL certificates are needed, and not only server certificates are needed, but also client certificates for authorization by certificate. I made self-signed certificates with OpenSSL and everything works fine through a regular browser, but there is also an android mobile app. There was a problem with the mobile application - it does not accept self-signed certificates, I tried to seek help from the Czech Republic - they said I need an official certificate, it won't work without it. The essence of my appeal - if I get a Lets Encrypt certificate, I will install it on my IIS server, Is it possible to make authorization by certificate? Or is it possible only for paid certificates and you need to buy it? And how then to issue client certificates? poke the nose of the ignoramus into the manual on how to make client certificates with LE on the server
Answer the question
In order to leave comments, you need to log in
After much torment, I managed to connect. First, I changed the domain from example.local to example.ru . Previously, I could not do this, since the software license is tied to the computer name and to the domain, but now it is possible to update the license, respectively, the ability to change the domain. Secondly, the example.ru domain has been purchased from us and you can get a trusted certificate. To obtain a certificate, I used the freessl.space service.
The resulting certificate was converted to pfx format using openssl, imported into IIS, and then installed on a local computer and on a mobile device. After that, everything worked, it opens through the browser, the mobile application connects
I did not configure it myself, but I worked with such a scheme on IIS. LetEncrypt was used as a server certificate, and an internal certification authority was raised for clients (with a self-signed root certificate) and it already issued certificates to clients.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question