scripts.mit.edu

MIT SIPB Script Services for Athena

Certificate Authentication in Safari

February 22, 2010 at 3:40 am by in

If you’ve tried to use our recommended configuration for authenticating users using MIT certificates, you’ve probably discovered that Safari users are not offered the opportunity to select a certificate. This is due to a bug in Safari’s SSL implementation where it will never present a certificate unless the server requires that it present one (we do not require that a certificate be presented, so that we can show a page saying “you need certificates”).

Starting today, we’ve added some additional code that will force Safari to show the certificate selection dialog. If you are using the recommended configuration for certificate authentication, this will take effect for your site automatically. (Specifically, what we now do is that force an SSL renegotation if we find the Safari browser.)

If you are using any other configuration than our recommended configuration, the behavior should not change.

(You can see the technical details of this change in our source browser.)

© 2004-2017, the SIPB scripts.mit.edu project.
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact scripts@mit.edu.

You are currently connected to bees-knees.mit.edu.