mdmarkbowman
asked on
Client Side Authentication Internet Explorer
Hi,
I am looking to implement a more advanced secure authentication of users who will have access to our internal business web systems.
We are using sessions, htaccess restricted IP and we also want to restrict the access unless the pc has the client side authentication. A lot of banks use this method and the certificate is installed in the "Tools", "Internet Options", "Content", "Certificates".
This will heighten the security of our system and who has access.
Can anyone help?
Thanks
I am looking to implement a more advanced secure authentication of users who will have access to our internal business web systems.
We are using sessions, htaccess restricted IP and we also want to restrict the access unless the pc has the client side authentication. A lot of banks use this method and the certificate is installed in the "Tools", "Internet Options", "Content", "Certificates".
This will heighten the security of our system and who has access.
Can anyone help?
Thanks
are you talking about "SSL Client Certificates"?
ASKER
I think they may be called this?? Yeah they are the certificates that are issued by a company/organistion. So for example: if i don't have the issued certificate installed on the pc i work from I could not acces my systems.
I had to download one to get to our Business Internet Banking. So our Internet banking can only be accessed from my computer at home and know where else.
Does this help?
I had to download one to get to our Business Internet Banking. So our Internet banking can only be accessed from my computer at home and know where else.
Does this help?
ok, you want client certs, and what is your question about?
ASKER
Thanks for getting back to me. Well I just want to know about the process involved in getting this kind of authentication implemented. I kinda made the assumption that over the past day or two from looking on the web that you buy the client certs from some (CA).
But after signing up on Business Internet Banking with my bank it required that I downloaded the Digital ID from the banks server and install it. Then it allows me to access the internet banking site.
We use a Linux Server running apache.
Thanks
Mark
But after signing up on Business Internet Banking with my bank it required that I downloaded the Digital ID from the banks server and install it. Then it allows me to access the internet banking site.
We use a Linux Server running apache.
Thanks
Mark
if you own the server you can make your own certs (don't need to buy them) and distribute them to your clients, thats called a PKI (public key infrastructure)
if you're client you have to use the cert provided by the owner of the server and install it into your browser
if you're client you have to use the cert provided by the owner of the server and install it into your browser
ASKER
Yes its a dedicated server that we lease. So I take it we can generate as many as we want or do we just create one and its for the domain specifically. So essentially we generate a certificate for each login/user or we generate on cert and everyone uses the same one. Sorry but I am very naive about this subject/programming at times?
Help is appreciated!
Help is appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.