More on Using Web Authentication

Introduction

This document provides additional details on the use of Personal PKI certificates to gain access to PKI controlled Web sites. Personal certificates are an alternate way for a system to authenticate users. A PKI solution has the advantages of being directly supported by some web browsers and servers and it does not transmit passwords on the network to a server. To use these functions you need to have a web browser that supports client side SSL authentication installed on your desktop computer. You also need a key pair and certificate for yourself. The necessary certificates can be stored on your local machine's hard disk or removable hardware such as a smart card or a USB token. Web systems requiring PKI access control need to be programmed to use authentication information delivered through SSL.

NOTE: The PKI functionality described in this document is still evolving. As such the details many depend on which of the many versions of a particular web browser you are using. This document attempts to identify which versions of programs and operating systems are being discussed. Other versions many be different. Other browser likely have similar features if your favorite is not covered.

Web Browsers Supporting Personal Certificates

Many web browsers include support for personal PKI certificates. Netscape Communicator versions 4, 6 and 7, and Mozilla versions after 0.9 support personal PKI certificates on all operating systems. Internet Explorer version 4 and later work on Windows operating systems as does Opera 6.01. On UNIX systems the Chimera, Opera and OmniWeb browsers include client side certificate support.

Browsers that don't support Personal Certificates

Internet Explorer 5.2 and earlier or Safari version 1.1 and earlier DO NOT support personal certificates on Macintosh. Netscape versions 6.2.1-6.2.3 seem to have bugs in support of personal certificates for client authentication. (ef 9/15/02)

Key Pair and Certificate Stores

The web browser needs access to your private keys and public key certificates. Currently there are several different ways in which this information is managed depending on the client and the PKI system that you are using. The various options are described below.

Microsoft's Internet Explorer on Windows operating systems controls the operating system certificate cache. To access the certificate cache open Internet Explorer. On IE v5.5 or 6.0 select the "Tools -> Internet Options" menu item and choose the "Content" tab. Clicking the "Certificates" button opens the Microsoft Certificate browser. Using the browser you can examine the contents of the cache. Certificates in the cache are organized into four categories: Personal (yours), Other People (your associates), Intermediate Certificate Authorities and Trusted Root Certification Authorities (CAs). CA certificates establish the trust chains needed to verify the validity of a given certificate.

On Macintosh OS X (and earlier), Internet Explorer 4.5 through 5.2 do not support personal PK certificates. The browser contains only Trusted Root CA certificates.

The Netscape browser on all operating systems also provides certificate cache functionality. In the 4.x versions of Netscape, the certificate cache is accessed by clicking the "security" button on the main tool bar. Its functionality is similar to IE. The certificates are categorized according to their purpose. You can review the certificates' contents and their validity. The details of the Security User Interface are version dependent, though the functions are similar.

On Windows Operating systems, for Netscape version 4.6 and later, Netscape released a replacement security module called the "Personal Security Manager" (PSM) which is a recommended update. The certificates are categorized according to their purpose: Mine, Others, Web Sites, Authorities. Choose a category, then choose a certificate. The "View" button displays contents, the "Backup" button exports the certificate. The "Restore" button imports certificates. There are also buttons to "Delete" a certificate and "Backup All". From the "View Security Certificate" window you can review a certificate's contents and its validity. "More info" shows the ASN.1 display of the certificate. Certificates not in the "Mine" categories have an "Edit" button used to indicate if you want to trust a particular certificate and for what uses.

The Mozilla browser and Netscape 6 and 7 are close relatives. The PSM is built into Mozilla when you do the full install. In Mozilla, the PKI functionality is accessed through the preferences panel from the edit menu. Click on the arrow next to "Privacy & Security" and then click on "Certificates" in the expanded list. The "Manage Certificates" button displays the certificate cache window.

The Omniweb, Opera and Chimera browsers provides similar functionality.

The Entrust Desktop client provides it's own certificate storage, which can be used with supported web browsers through the version 5 Entrust/Direct product. Tne Entrust/Desktop application provides access to your private keys and automatically maintains them. You can view them using the Entrust Options application. The Entrust/Authority (version 6) can be configured to allow key and certificate export to the Microsoft Crypto API and PKCS #12 files (which can be used with Netscape and Mozilla).

Key Storage and Passwords

Certificates and private keys are most commonly stored on the computer hard disk in a storage area controlled by software security features of the client or operating system. The certificate stores (caches) can be protected using pass-phrases. The Internet Explorer cache (also called the Microsoft Crypto API) supports 3 levels of control, low (no protection), medium (ask the first time the cache is used) and high (ask for pass-phrase every time the key is used). The IE cache can be unprotected and that is the default, but a questionable practice. Since Windows 98 does not require a user login, the private key is usable by anyone who can turn on the machine if there is no pass-phrase. On Windows NT and 2000, a user login is required which provides some protection.

On Windows 2000, when Internet Explorer is used to generate a key pair to be used in creating a certificate, their is no opportunity to set higher protection for the key. There isn't an interface in IE to turn it on later either. When certificates are imported into Internet Explorer using .p12 format files, the "Import Wizard" does provide an opportunity to set higher key protection. To set key protection for your Internet Explorer generated key you must export it and re-import it.

Netscape (ver 4.78 Win 2000) requires a pass-phrase. Mozilla recommends a pass-phrase but it is optional. Entrust requires a pass-phrase.

Certificates can also be stored in specialized hardware devices such as smart cards and USB tokens. Netscape and Mozilla support the PKCS #11 standard for key and certificate access.

Getting CA Certificates

You may need to acquire additional CA certificates by downloading and importing them. During the import process, the browser takes you through a series of dialog boxes to accept a new CA certificate and select for what uses it is to be "trusted". Netscape and Mozilla require you to manually make a selection. Internet Explorer enables all uses by default, which you can later change by editing it's "properties". These functions on found in the application's certificate management windows. Certificates can be downloaded from appropriately configured web servers that define the proper MIME type.

Certificate Import/Export

Some Certificate Stores (browser and operating system level mechanisms) support methods to transport key pairs and certificates between caches and other key storage devices. The PKCS standards define the various formats and their features. PKCS#7 is a format for transferring certificates and NOT the private key. A PKCS#7 file may contain a chain of certificates. A PKCS #12 file can contain Public Key certificates and the corresponding private keys. Such a file includes a password-encrypted envelope to protect the private key. Netscape and Mozilla use the PKCS #12 standard. Later versions of Internet Explorer can also import and export .p12 files. On Windows, the filetype .pfx is a synonym for .p12. Microsoft Internet Explorer supports the PKCS #7 (.P7B) format for importing and exporting certificates.

Most browsers include code to generate a public/private key pair locally. This feaure is used by some Certificate Authorities (such as iPlanet CMS and the CREN Test CA) in their registration procedure. In this case, only the public key of the pair is sent to the CA to be incorporated into a certificate which is then returned to the browser's certificate store. Note that the private key exists only on the user workstation. The CA has never had a copy. Netscape supports exporting your key-pair and certificate as a PKCS#12 format file. A PKCS#12 file protects the private key by password protecting the file.

Certificate Selection

There can be multiple personal certificates in the "personal" section of a certificate cache. Some clients make an automatic selection after comparing the issuer fields. Otherwise a manual selection may be required.

Certificate Requirements

Certificates have a Distinguished Name (DN) to describe the subject and their institutional affiliation. E-mail addresses are often included in a certificate. The field location and attribute identifier for the e-mail address have varied over time. Key Usage bits in the certificate need to be set to allow signature and/or encryption and depend on the policies of the issuing organiztion. Additional fields may need to be required for other applications.

Using an Access Controlled Web Site

To begin using an access controlled web site you need to acquire an appropriately defined chain of Public Key certificates. Typically the issuer of the Certificate needs to have contracted for the controlled service. The issuer of the institutional certificate needs to be accepted as trusted by the information provider. The browser's security preferences may need to be configured to control which certificate is used and often the certificate database password needs to be provided. The basic interaction is begun by navigating to a URL prefixed by https URL for a directory with client side SSL set to "required" in the .htaccess file. The web server initiates an SSL connection requiring a personal certificate from the web browser. If the SSL session is successfully initiated, the environment variables of the web server contain information obtained from the client's certificate.

For a description of the procedures to follow when using a particular browser, refer to the appropriate page below:

Accepting Certificates

Netscape and Mozilla may report that a legal path to the web site cannot be constructed until you accept a CA certificate in the web servers chain of certificates. A secure connection can't be established until you view the certificate and edit it's "trusted usage".

Known Bugs

Version 4 of Netscape on Macintosh sometimes won't display GIFs included on secure pages

Version 4 of Netscape on Macintosh sometimes reports that a link to a secure pages can't be followed because the file is not available.

If you visit a URL that requires client side SSL and you don't have a personal certificate:
Netscape 4 displays an alert
Mozilla reports an error "[server name] has received an incorrect or unexpected message. Error code -12227."

Internet Explorer for Mac (version 5 and later, possibly earlier too) generates an error if you try to connect to a web site that has "SSLVerifyClient" set to "optional". It complains "Security Failure. Personal certificate required." It should instead continue to connect. (Netscape 7.0 on MacOS does the right thing)

Other Issues and Questions

There were many questions raised in the process of gathering this information above. Here is a list of some of the unanswered questions. Please contribute answers and experiences if you know something about the issue.

Information on other possible clients: eg. on LINUX Galeon, Konqueror, Chimera, Opera and Omniweb?
iPlanet CMS enrollment worked on Galeon 1.2.x and Opera 6.0.1 (failed on earlier Opera)

What does the interface to the Netscape certificate cache look like on Windows without PSM? Does it work at all? Anything interesting about different versions of PSM?

The details of the Netscape Security User Interface and the sequence of actions in accepting certificates are version dependent, though the functions are similar. Is it useful to document how any of the older versions worked?


Dartmouth College PKI Lab
Last update: 7 January 2004