Client Authentication Certificate Provider

Introduction

Client certificate authentication is a nifty feature that lets you authenticate users who are accessing the server by exchanging a client certificate -- this means no more "Anonymous" entries appearing in the User Activity log of a database when accessed by Internet users. And, the client certificate is vouched for by either an external Certification Authority (CA), such as VeriSign, or by you as an internal CA, so you can be assured that the person represented by the certificate is the person you expect.

If your server applications have many users/clients, you may want to consider client certificates signed by your internal CA to make them more manageable and cost-effective. Client Authentication Certificate Provider is a .NET library that can help you create and manage custom client authentication certificates with your internal CA.

Why Client Certificate Authentication?

Using client certificate based mutual authentication prevents at least the following attacks/problems:

Why Is Client Certificate Authentication Not Commonly Used?

Most websites do not use SSL client certificate authentication. Many of them do not care who is visiting, as they mainly provide public information and want to attract users. On the other hand, SSL client certificate authentication does raise practical issues for web users. It may not be cost-effective when a website has many users, each with his/her own certificate, if these client certificates are generated by a trusted Root Certificate Authority (CA). However, you may choose to use an internal CA to generate client certificates. In this case, you are the Root Certificate Authority for your own company. You create your own Root CA certificate, which is used to sign all the client certificates you are going to create. Nowadays browsers can easily import client certificates to support SSL client certificate authentication.

Be Your Own Certificate Authority

You can be your own Certificate Authority (CA) if you are hosting intranet websites. Your CA can be used to sign both server-side and client-side certificates. If you search for "Be Your Own Certificate Authority" on the Internet, you will figure out how to get it done pretty quickly for intranet web applications.

Can you be your own Certificate Authority (CA) for your website on the Internet? The answer is yes and no.

How Does Certificate Provider Work?

The Certificate Provider has an internal CA service and a Client Authentication Certificate service. The internal Certificate Authority service helps you create your own Root CA certificate. The Client Authentication Certificate service creates the client authentication certificates for your clients. All SSL client certificates you create will be signed with the same internal CA certificate.
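The root-then-client signing flow described above, as an added example that is not part of the original page and does not use the CertificateProvider API: it uses .NET's built-in `CertificateRequest` and `X509Chain` classes instead. It assumes .NET 6 or later; the class name, subject names and key sizes are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class InternalCaDemo
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Self-signed root: CA=true, key usage limited to signing certificates and CRLs.
    static X509Certificate2 CreateRoot(RSA key)
    {
        var req = new CertificateRequest("CN=Example Internal Root CA", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(10));
    }

    // Per-user leaf: CA=false, extended key usage restricted to client authentication.
    static X509Certificate2 IssueClient(X509Certificate2 root, RSA clientKey, string subject)
    {
        var req = new CertificateRequest(subject, clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(ClientAuthOid) }, false));
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F; // serial is big-endian; clear the top bit so it stays positive
        using var publicOnly = req.Create(root, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1), serial);
        return publicOnly.CopyWithPrivateKey(clientKey);
    }

    // Server-side check: the chain must end at the given root and permit clientAuth.
    static bool ChainsToRoot(X509Certificate2 client, X509Certificate2 root)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(root);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // this demo publishes no CRL
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid(ClientAuthOid));
        return chain.Build(client);
    }

    static void Main()
    {
        using RSA rootKey = RSA.Create(3072), clientKey = RSA.Create(2048), otherKey = RSA.Create(3072);
        using X509Certificate2 root = CreateRoot(rootKey), other = CreateRoot(otherKey);
        using X509Certificate2 client = IssueClient(root, clientKey, "CN=alice@example.internal");
        Console.WriteLine($"chains to issuing root: {ChainsToRoot(client, root)}");
        Console.WriteLine($"chains to unrelated root: {ChainsToRoot(client, other)}");
    }
}
```

Because every client certificate chains to the one root key, that key is the asset to protect: anyone holding it can mint a certificate for any user name.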

The Client Certificate Provider makes it easy to set up your websites/services under IIS to use client certificate authentication.

To use client certificate authentication, your websites/services must use an HTTPS binding. Here are the few steps to use the provider

Note: you can also create client certificates from your own application or website by calling the CertificateProvider API.

If you have any questions or problems using client certificate authentication, feel free to contact us.

Obtain New License
Renew Existing License

Download

Source Code of CertifcateManager
Certificate Provider Binary

Update History:

Date Changes
2015-06-08 Added license key to protect the license (version 1.0)
2014-12-12 Initial Release Version 0.8