0

Is it possible, in general, for a server to require both client certificate authentication and BASIC authentication?

For example, an intranet site of some sort, which requires :

  • The machine to have a specific certificate installed (client cert authentication), AND
  • A valid user to log in (basic authentication)

NOTE: this question isn't about a server supporting one or the other, but both together (as in the requester must authenticate both ways)

Improve this question

1 Answer 1

Reset to default
1

Yes, it is possible to have both. The client certificate will be verified during the TLS handshake while basic authentication will be done at the HTTP level, i.e. inside the TLS connection after the TLS handshake is done and the client certificate checked.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.