schmuck
Jun 17, 2014 | Nimbostratus
Automatically select a client certificate in a mobile device
We are doing client certificate authentication. Everything works fine if the device only has one certificate. Unfortunately a deployment of AirWatch has made certificates on user devices a bit more plentiful. There are multiple certificates with different issuers. I am only concerned with one of the issuers. Right now, if the user gets lucky and manually selects the correct certificate (the names are not helpful), all is good. If they don't, they're in trouble. Is there a way to automatically look for the cert signed by the Root CA Chain that we have instead of prompting the user? Basically look for [X509::issuer [SSL::cert]] and reject it if it isn't domain.com and then inspect the next one and accept it if it is issued by domain.com?