Client Certificate Authentication

Some websites need Client Certificates for authentication. In case G-SIM Web Browser is not able to uniquely identify the Client Certificate in the current user certificates store,it needs an additional mechanism to provide the Client Certificate for authentication.

Therefore G-SIM uses a plugin-based approach for the Client Certificate provider implementation. This approach gives the opportunity to create custom Client Certificate provider plugins to fit the customers specific requests without changing any G-SIM modules.

A default G-SIM Client Certificate provider plugin is included in G-SIM and will be installed on the client computer during the G-SIM installation process.

Custom Client Certificate Provider Plugin

The GSIM.OperatorUI.exe.Config file contains the MEFPluginsPath setting. It specifies the path to the folder where the custom Client Certificate plugin is going to be searched.

Whenever G-SIM Web Browser needs Client Certificate to be provided, the Client Certificate plugin will be searched in this folder. If a plugin exists in this folder, it will be used.

Otherwise the default G-SIM Client Certificate provider plugin will be used.

The default MEFPluginsPath setting refers to <gsim_installation_path>\ Geutebrueck\GSim\MEFPlugins.

This folder is going to be created by the G-SIM installer.

Default Client Certificate Provider Plugin

Default Client Certificate provider plugin will be used if custom client certificate is absent. It opens a popup window like the following, with a list of all certificates in the current user certificates store which are issued for the client authentication.

To use a certificate for client authentication select the desired certificate and click on the Ok button. Click on the Cancel button to close the popup window without providing a certificate to the G-SIM Web Browser.

To get additional certificate details, click on Click here to view certificate properties and a properties window is going to open.

Caching Client Certificate

The selected Client Certificate is cached per Website during operator console sessions.

Whenever operator console is restarted, Client Certificate should be provided again.

Technical Details

G-SIM uses the Microsoft Managed Extensibility Framework (MEF) for Client Certificate provider plugin usage.

To create a custom Client Certificate provider plugin, developers should build a .Net assembly with a class that implements the GSIM.CertificateProvider.ICertificateProviderPlugin interface from the GSIM.CertificateProviderPluginInterface.dll assembly.

The Class should be marked with [Export(typeof(ICertificateProviderPlugin))] attribute.

The Assembly should be copied to the folder from GSIM.OperatorUI.exe.Config file’s MEFPluginsPath setting.