I have been trying to secure Relativity server with an SSL cert, and succeeded with that yesterday after struggling a bit with converting my .cer cert to a .p12 cert. However, when I try to open https://www.mydomain.com:8099, the server info page is showing the correct certificate and the connection is marked as secure by the browser.
Now, I see that the Relativity server is asking for a client certificate. This happens both when I open the website on port 8099 and when I try to log in to my application. I can see on the TROWinInetHTTPChannel there is a ClientCert property for this purpose, but is it really necessary?
Can this be disabled, or will the Relativity Server always ask for client certs? If I have to provide client certs, then how do I get some? Do I create them based on my SSL cert on the server? I’m really not an expert on this.
Thanks for any information regarding this matter so I can proceed creating my first production server for my current client.
I mean when I navigate to my Relativity url https://www.mydomain.com:8099 I’m asked to provide a client certificate to authenticate myself on the server. This also happens in my Delphi DataAbstract app as well. Every time I connect to my Relativity server, I’m asked to provide a client certificate. Is this normal behaviour? Or is it something wrong with the way I converted my .cer SSL certificate to Relativity.pfx?
See screenshots for some images of how it looks on the client side…
Interesting that Win10/Chrome didn't show any additional dialogues. Certificate has been accepted and the connection is considered secure:
The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key exchange), and AES_256_GCM (a strong cipher).
Thanks for your answer. I checked out the Enhanced Key Usage as you mentioned and you are right, there are both the Server and Client Authentication mentioned. I also checked out the SSL certs on talk.remobjects.com as well, and that cert has both Server and Client Authentication as well. However, I have now switched back to using a Relativity generated certificate, and the same thing occurs. As you can see, only the Server Authentication (1.3.6.1.5.5.7.3.1) Purpose is shown in the Relativity generated certificate.
The “Select a certificate to authenticate yourself at https://www.mydomain.com:8099” still pops up on all browsers. Funny part is that on my iPhone, the browser there does not ask for a certificate.
The original SSL certificate I’m trying to use works well for my IIS ISAPI apps with no client certificate issues.
I must admit I’m a little bit lost here. I do not know the whole HTTPS / SSL world well enough to have a say on this issue.
I can certainly try to convert to .p12 again. However, the issue with client certificates still persists when I remove my SSL cert and use a Relativity generated cert. Even then, my Delphi app and all browsers are asking for client certs.
Anyhow, I will try to set up another instance on AWS EC2 and try from scratch. Maybe I have done something wrong during setup. I’ll get back with the results later.