Which certificaat providers allow creating of Client Certificates


#1

Apparently the letsencrypt certificate we did issue does not allow to create signed client certifcates.

I can do this whole process of creating and signing which results in clien_cert.pfx and install this client certificate at the client workstations, but in the end the server does not trigger the request of a client certifcate at the client site. Normaly a browser pops up where you can choose for the appropriate installed client certificate and normally the server code is able to read the fingerprint of the returned client certificate.

What certificate provider delivers certificate that does allow us to create signed client certificates?


#2

Hi,

Could you please elaborate more on ‘signing client certificate’?

What are you trying to archive with that function?

Let’s Encrypt CA will only issue certificates for regular domain name certificate (which means no email certificates, no customized name certificates e.g. myuser1 as common name or SAN)

If you want to create bulk trusted client certificates (with email or hostname as SAN or Common Name), please try to ask a commercial CA for a CA certificate (instead of a regular CAs)…
It may be impossible to issue DV certificates (with common name / SAN not equal to email or hostname) as a CA since those always need advanced auth.

If you are trying to create bulk client certificates for your own site, it’s better to create a private CA by yourself (or third party) that does not come from a CA (intermediate CA) that could issue certificates to other parties (since other with the same intermediate CA issued certificate could login in to your site when you limit the login by CA certs)

Thank you


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.