Client Certificate Authentication

(Web & KeePass clients)

Client Certificate Authentication is an advanced security mechanism allowing connecting Clients to prove their identity to a Server by providing a Certificate. This can be accomplished by configuring IIS to require an established Certificate from the connecting devices.

Requires: The previous installation of IIS 7.5+ to host Password Server

Step-by-Step Reference for Configuring IIS for client certificates

Here are the manual steps for configuring your IIS site to map certificates.

These steps are technical and quite involved, and must be followed closely to ensure nothing is missed.

Configuring KeePass for Pleasant Client

The KeePass client version compatible with this is in beta, and the download is available upon request. Please contact us for further details.

  1. Here is a technical summary of how the functionality works:

    • The Client establishes a TLS/SSL session with IIS and sends a request. Because client certificate authentication is required, IIS then starts a new TLS/SSL negotiation (a renegotiation) and asks the client for a certificate. Once the client provides it, the second TLS/SSL negotiation completes successfully.

  2. To set the option, open this KeePass config file:

    • %appdata%\KeePass\PasswordServerClientConfiguration.xml

    • Look for the Thumbprint on your client certificate. Add a line called ClientCertThumbprint so that the file includes lines that look similar to this:

      <CertThumbprint>801F5DE467D0365B14935A53FA4A43EC48AEB3C6</CertThumbprint>
      <ClientCertThumbprint>AC538GE891D4B123A3432FB5B51ED51BCE4A1129</ClientCertThumbprint>
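
One way to look up the thumbprint and check the value written to the config file, as an added example that is not part of the original page or the vendor's own tooling. It assumes the client certificate is installed in the current user's Personal store (Cert:\CurrentUser\My) and that the config file is well-formed XML; only the file path and the ClientCertThumbprint element name come from the page.

```powershell
# Added example, not vendor code. Assumes the client certificate is in the
# current user's Personal store and the config file is well-formed XML.
$configPath    = Join-Path $env:APPDATA 'KeePass\PasswordServerClientConfiguration.xml'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Certificates this user could present: private key present, currently valid,
# and either no EKU restriction or the Client Authentication EKU.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    (-not $_.EnhancedKeyUsageList -or
     $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
})
$candidates | Format-Table Thumbprint, Subject, NotAfter -AutoSize

# Read the configured value. local-name() keeps the lookup working whether
# or not the file declares an XML namespace.
[xml]$config = Get-Content -LiteralPath $configPath -Raw
$node = $config.SelectSingleNode("//*[local-name()='ClientCertThumbprint']")
if (-not $node) { throw "ClientCertThumbprint not found in $configPath" }

# Thumbprints pasted from the certificate dialog can carry spaces or an
# invisible Unicode format character; strip those, then require 40 hex digits.
$raw   = $node.InnerText
$thumb = ($raw -replace '[\s\p{Cf}]', '').ToUpperInvariant()

if ($thumb.Length -ne $raw.Length) {
    Write-Warning 'Configured value contains whitespace or hidden characters.'
}
if ($thumb -notmatch '^[0-9A-F]{40}$') {
    Write-Warning "'$thumb' is not a 40-digit hexadecimal SHA-1 thumbprint."
} elseif ($candidates.Thumbprint -notcontains $thumb) {
    Write-Warning "No usable certificate with thumbprint $thumb in Cert:\CurrentUser\My."
} else {
    "ClientCertThumbprint $thumb matches an installed client certificate."
}
```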