I know about installable certificates but I don't know how to make it. Here is how it works:
Website application owner creates a certificate for a particular browser (may be the client of the application). This certificate file will will installed into the client's web browser.
Only then, the client will be able to access the website.
No other public users will be allowed to visit the website.
This application of the website really needs that much of securities.
Further more, the the owner sets a password to each certificates and installs them to the clients computer. The human staffs at the client do not know the password of the certificate they have to install (the owner does this instead).
Would you please let me know how to create it, attach to Apache? Plus create .cert files to install in client's browsers?
I wouldn't think of correcting you when I don't fully understand something.
To me, that says that NIU is asking you to accept them as a certificating agent (rather than Thawte, Comodo, et al).
All that tells me is that, when you accept NIU as a Certificate Authority (CA), you will not receive a warning (invalid CA) in the browser you've used to accept their CA. Nothing more.
To my reading, that only verifies my original impression that you are not exchanging certificates with your visitor, only disabling a warning for an invalid CA. If you need to transmit encrypted data between two sites, I think you should think about using PGP which will be a public key/private key encryption (in each direction) and you CAN setup your server to use PGP, too (although I've not done that nor have I looked into how to do that).
The case I saw was with funds transferring application (.jsp files).
The browser must install the certificate to load the page.
Being sensitive application directly related to people's money, the web application does not run without having proper certificate. After a small attempt to find the info, I have these two links to show you similar:
This files are created in server, integrated with Apache - at the funds transering application server.
And a copy of customized certificate installed on the client's browser (who uses the web application to run the funds transfer application).
You can correct me, if I am wrong, or saw the process diffently.
Sorry it took overnight to respond.
I've never seen a situation where the recipient must have a security certificate. That's normally only for servers. Of course, you can add layers upon layers of password protected directories and PHP driven sessions (with their own username/password verification sets) but what you've described is beyond me.