Solved

SSL Client auth

Posted on 2014-03-21
3
386 Views
Last Modified: 2014-03-21
I read some sites on SSL client auth, but am having trouble wit this concept.

Apparently the client is authroized by n X.509 certificate unique to the client, and no uid and pw is required.

Is this correct, and where does the x.509 client certificate get stored, in the server or the client.

How does htat work
0
Comment
Question by:Anthony Lucia
  • 2
3 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39945892
The concept works this way:

1 A key (cert) is generated and the server Access Control list is updated to include the key

2 When the client connects to the server if a client ssl is required the client checks it's store for the relevant cert (Current user if user based - local machine if computer based)

3 In most instances serial or thumbprint or both or other aspects are matched and the server authenticates the client.

Since certificate based authentication is key pair based the client may in some instances have both the public and private keys, while the server would have a copy of the public or the thumbprint etc depending on how this is designed.


See here for more detailed info:
http://docs.oracle.com/cd/E19424-01/820-4811/aakhe/index.html
0
 

Author Comment

by:Anthony Lucia
ID: 39946000
Regarding the following:

1 A key (cert) is generated and the server Access Control list is updated to include the key

Open in new window


How does this happen.  Is this a manual process, and is the user cert preloaded or forcibly loaded into the server SSL (kind of like the cert authority in regular SSL)  ?
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39946051
Any number of ways:

If this is a server to server call, the client server can simply request a certificate from a publicly trusted CA and then share the public key with the Web server requiring client auth.

This can also be done in an enterprise environment by having the Enterprise CA issue the certificate for the clients.

It all depends on the model you wish to implement:
Internal or external solution
Server to server or user to server.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question