September 15th, 2008, 03:50 PM
Accessing root certificate store from JS?
Or is it possible to query the root certificate store to see if the certificate is installed?
What I'm doing is a captive portal for a public WLAN access point that will ask the user to install an SSL CA, and then check if it's correctly installed before letting the user access the internet.
September 16th, 2008, 07:52 AM
Can't be done (for plainly obvious security implications).
while ((gratitude="thanks in advance").substring(0,6)=="thanks") gratitude!="thanks"
September 16th, 2008, 02:54 PM
I understand if the client certificate store is protected since it contains sensitive information, but I don't understand what the security implications are of allowing anyone read-only access to the root certificate store. The root store doesn't contain any sensitive information.
But do you have any other idea on how I can check if a specific root certificate is correctly installed? I'm thinking of providing the private key along with the root certificate (it doesn't matter if that key goes loose), and then doing a client certificate validation.
But the problem is if the end user selects to install the root certificate in his client certificate store. Then the certificate will be "untrusted" for websites, but still it would pass client certificate validation.
Do you have any idea on how I can require install of the certificate before the user can access the internet?
With "require", I don't mean force. I know it's impossible to force a user to install a certificate; it would have security consequences.
With "require", I rather mean the user is still free to select if he wants to install the certificate or not, but if he selects not to install the certificate, he's not going to get any internet from my WLAN access point.
September 17th, 2008, 03:27 AM
What are you trying to do exactly?
September 17th, 2008, 01:50 PM
What I'm trying to do is to check if a CA certificate with thumbprint 8649044b4c1bc02e6ef256b894b81a177e15e7c4 or a certificate with the DN "HAVP Anti-Virus Scanner CA Root" is installed in the user's root certificate store.
I just want a true/false or a yes/no or a 1/0 value that says if the certificate with a specific thumbprint or DN is installed in the user's root (CA) certificate store.
I'm thinking of making a script that checks this, and then calculates a secret based on some values that the end user doesn't know.
Then the script will check if the certificate is installed or not.
If the certificate is installed, the script will just run a window.location = "http://192.168.0.1/CertInstallSucess.cgi?secret=<secret calculated from script>";
If the certificate is not in the user's root store, it will do a:
window.location = "http://192.168.0.1/CertInstallInstructions.cgi";
Then I'm going to obfuscate the script heavily, to prevent the user from being able to calculate the secret for himself.
The CertInstallSucess.cgi will be a CGI script that checks if the "secret" value is correct, then it will tell the WLAN firewall to let that specific user access the internet.
The CertInstallInstructions.cgi will provide user-friendly step-by-step instructions based on the user's User-Agent tag, that tells the user how to download and install the root certificate in his browser.
January 9th, 2009, 04:11 AM
Did you find a solution for your problem? I have the same problem. I would also be satisfied with code in ASP. I just need to validate if the client has the trusted root certificate.