passing the Client certificate over HTTP

Question

We have use case where we need to pass the client Certificate and Key over Http. And this has to achieved in a single HTTP Request. Meaning, Client will send a HTTP GET and in HTTP response we need to send the clientCertificate and keys.

I tried making below tests,

1. I generated pem file to containing client Key and cert and set the content type of http reposne as "application/x-pem-file" [Result] : Mozilla and chrome are not understanding the mime type and its asking to save.

   1. if i use the mime type "application/x-x509-user-cert" , mozilla is interpreting mime type but throwing an error.

I am not sure how we can achieve this (passing client certs and keys to browser over HTTP). Kindly help us.

Thanks Pradeep

Answer 1

First you need to determine, which key you want to send. Private keys are almost never transmitted this way - that's a big security flaw. And if you send only public key - this one is already contained in the certificate.

Now canonical format for certificate is binary DER encoding. PEM and anything equally non-standard doesn't have a single chance to be recognized by the browser. I.e. what you can send and hope that it will be handled by the browser is binary DER certificate itself.