I’ve been playing with using client-side SSL certificates (installed into your web browser) as a means to authenticate against a Ruby on Rails-powered application. This subject is geeky and of limited interest even to the people who read this blog (with the possible exception of Ruth, who may find herself doing exactly this as part of her Masters dissertation), so rather than write about it all here, I’ve written a howto/article: SSL Client Certificate Authentication In Ruby On Rails. If you’re at all interested in the topic, you’re welcome to have a read and give me any feedback.
Looks interesting. One thing springs to mind reading it – have you played with client-side certificate generation, so the server never sees the client private certificate? Moz has the <keygen> tag and I know IE has a similar-but-subtly-different tag. I was looking for a browser-agnostic way of doing this in Rails recently and didn’t find much, but I wasn’t looking all that hard, I must admit.
Hm, seems the comments system strips out HTML tags rather than escaping them. I meant to mention the “keygen” tag above as the one that Moz uses.
Dan says: Corrected it for you.