We're thinking of improving the authentication of some critical webpages with client certificates, but we're not sure whether it's a widely used standard.
Are SSL Client Certificates well supported by all major browsers? In particular, do they work on the following browsers?
- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Apple Safari (Mac and iOS)
- Android Web Browser
(We use Apache on the servers, if that matters)
I don't have a way of testing all of this, but this site came up on google with instructions for installing PKCS#12 certificate/key pairs in a number of different situations, including on the iPhone.
It seems that Android only uses PKCS#12 certificates for VPN authentication. Here is the wishlist entry for browser client authentication support using imported certificates.
That depends on the CA (Certificate Authority) and whether they are included as defaults or updates to the various web browsers. You can get a general idea by looking through the default CAs included/identified with the various web browsers.
Non-included CAs will result in a warning screen via the web browsers, which may cause some alarm/concern with some users.
SSL over HTTPS support is generally universal across the contemporary web browsers.