#1
    Accessing root certificate store from JS?


    How can I access the root certificate store in the user's browser with JavaScript, to check if a specific root certificate is installed?

    Or is it possible to query the root certificate store to see if the certificate is installed?

    What I'm doing is a captive portal for a public WLAN access point that will ask the user to install an SSL CA, and then check if it's correctly installed before letting the user access the internet.
#2
    Can't be done (for plainly obvious security implications).
#3
    I understand if the client certificate store is protected, since it contains sensitive information, but I don't understand what the security implications are of allowing anyone read-only access to the root certificate store. The root store doesn't contain any sensitive information.

    But do you have any other idea on how I can check if a specific root certificate is correctly installed? I'm thinking of providing the private key along with the root certificate (it doesn't matter if that key gets loose), and then doing a client certificate validation.

    But the problem is if the end user chooses to install the root certificate in his client certificate store. Then the certificate will be "untrusted" for websites, but it would still pass client certificate validation.

    Do you have any idea on how I can require installation of the certificate before the user can access the internet?
    With "require", I don't mean force. I know it's impossible to force a user to install a certificate; it would have security consequences.
    With "require", I rather mean the user is still free to choose whether he wants to install the certificate or not, but if he chooses not to install the certificate, he's not gonna get any internet from my WLAN access point.
#4
    What are you trying to do exactly?
#5
    What I'm trying to do is to check if a CA certificate with thumbprint 8649044b4c1bc02e6ef256b894b81a177e15e7c4 or a certificate with the DN "HAVP Anti-Virus Scanner CA Root" is installed in the user's root certificate store.

    I just want a true/false or a yes/no or a 1/0 value that says if the certificate with a specific thumbprint or DN is installed in the user's root (CA) certificate store.

    I'm thinking of making a script that checks this, and then calculates a secret based on some values that the end user doesn't know.
    Then the script will check if the certificate is installed or not.
    If the certificate is installed, the script will just run a window.location = "http://192.168.0.1/CertInstallSucess.cgi?secret=<secret calculated from script>";

    If the certificate is not in the user's root store, it will do a:
    window.location = "http://192.168.0.1/CertInstallInstructions.cgi";

    Then I'm gonna obfuscate the script heavily, to prevent the user from being able to calculate the secret for himself.

    The CertInstallSucess.cgi will be a CGI script that checks if the "secret" value is correct; then it will tell the WLAN firewall to let that specific user access the internet.
    The CertInstallInstructions.cgi will provide user-friendly step-by-step instructions, based on the user's User-Agent tag, that tell the user how to download and install the root certificate in his browser.
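
The check asked for in this thread, approached from the other direction, as an added example that is not part of any post: page script cannot enumerate the trust store, but it can observe whether an HTTPS request to a host whose certificate chains to that CA succeeds. `PROBE_URL`, `probeCaTrust` and `nextPage` are assumptions made for the example; the two `.cgi` paths are the ones named in post #5.

```javascript
// Added example, not code from the thread.
// Assumption: PROBE_URL is an HTTPS endpoint on the portal whose server
// certificate chains to the CA being checked (hypothetical host name).
const PROBE_URL = "https://portal.example/ca-probe";

// Page script cannot read the trust store. It can only observe whether the
// browser completed a TLS connection to a host certified by that CA.
// Resolves true on success, false on TLS/network failure or timeout.
// fetchImpl is injectable so the logic can be exercised without a network.
function probeCaTrust(fetchImpl, url = PROBE_URL, timeoutMs = 5000) {
  const doFetch = fetchImpl || fetch;
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
  // Unique query string plus no-store: a cached reply must not mask a
  // handshake that would fail now.
  const target = `${url}?n=${Date.now()}`;
  return doFetch(target, { mode: "no-cors", cache: "no-store", signal: ctrl.signal })
    .then(
      () => true,  // opaque response: the certificate chain was accepted
      () => false  // TypeError (certificate or network error) or abort
    )
    .finally(() => clearTimeout(timer));
}

// The two pages named in post #5. No secret is passed: anything computed in
// page script can be replayed by the user, obfuscated or not.
function nextPage(trusted) {
  return trusted ? "/CertInstallSucess.cgi" : "/CertInstallInstructions.cgi";
}

// In the portal page:
// probeCaTrust().then((ok) => { window.location = nextPage(ok); });
```

The probe also succeeds when the user has clicked through a certificate exception for that host, so it shows that the connection was accepted, not which store the CA sits in.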
#6
    Hello!

    Did you find a solution for your problem? I have the same problem. I would also be satisfied with code in ASP. I just need to validate if the client has a trusted root certificate.
