Client side certificate authentication in J2EE
I am interested in a way to do client-side authentication on the J2EE platform.
1. A certificate will be generated and sent to the client.
The same certificate should be protected by a password.
2. The client will install it on the machine, preferably a Windows machine.
3. The client will access the web application on the server by entering its URL in a web browser.
4. The server-side application should be able to validate the client-side certificate, i.e. validity, expiry date.
Further, the user will enter a PIN for authentication.
This PIN will be checked against the password of the client certificate.
This is the high-level requirement.
To address it, I did the following using Java:
1. I created a PFX certificate file using the keytool command.
2. I double-clicked it on the client machine so that it would be installed there.
3. I created an applet and deployed it as part of the web application.
4. In the applet, I wrote code so that it can access the certificate present in the client machine's certificate store.
I am now stuck on the following points:
1. How can I securely pass the output of the validation done in the applet out to the HTML and finally to the application server?
According to me, there is no secure way to do that.
2. Is there any other way to do client-side certificate validation using a web application?
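
Requirement 4 above (the server validates the client certificate's validity and expiry) can be checked on the server from the certificate chain the container receives in the TLS handshake. The sketch below is an added example, not code from the original post; it assumes the container is configured to request a client certificate, that the caller supplies the trusted issuing CAs, and that revocation checking is out of scope. The class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

/** Added example: server-side checks on a client certificate chain from the TLS handshake. */
public final class ClientCertCheck {

    // Servlet-spec request attribute under which the container exposes the client's chain.
    public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    /**
     * @param attr    value of request.getAttribute(CERT_ATTR); null when no certificate was presented
     * @param anchors CAs trusted to issue client certificates (assumption: loaded by the caller)
     * @param now     time at which validity is evaluated
     * @return the validated end-entity (client) certificate
     */
    public static X509Certificate validate(Object attr, Set<TrustAnchor> anchors, Date now)
            throws GeneralSecurityException {
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            throw new CertificateException("no client certificate on this connection");
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        X509Certificate leaf = chain[0]; // the client's own certificate comes first

        // Expiry / not-yet-valid check on the client certificate itself.
        leaf.checkValidity(now);

        // Signature and issuer checks up to one of the trusted anchors.
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setDate(now);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source configured here
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return leaf;
    }

    public static void main(String[] args) {
        // Constructed case: a request that arrived without a client certificate is rejected.
        try {
            validate(null, Collections.<TrustAnchor>emptySet(), new Date());
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the browser proves possession of the private key during the TLS handshake, the server makes the decision on data it received itself rather than on a result reported by client-side code.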