Use Client Certificate in Android/iOS Client


#1

Hallo!

We are using Client Certificates as a sort of two factor authentication on published webservers which should only be accessable for internal users. So we enroll certificates on the Client devices.
For RocketChat we use a reverse proxy with NGINX wich "client Certs enabled:
ssl_client_certificate /etc/nginx/ssl/private_ca.cert;
ssl_verify_client on;
This works with the Mobile Webapp version in Chrome, Firefox and so on, but does not work with the Android / iOS App.
Please implement Client Certificates in the Apps to make more secure communication available.


#2

Yes, this provides so much security for something that looks quite trivial reading other implementations in other applications assuming you are more experienced of app development than me…