Solved

SSL Client auth

Posted on 2014-03-21
3
381 Views
Last Modified: 2014-03-21
I read some sites on SSL client auth, but am having trouble wit this concept.

Apparently the client is authroized by n X.509 certificate unique to the client, and no uid and pw is required.

Is this correct, and where does the x.509 client certificate get stored, in the server or the client.

How does htat work
0
Comment
Question by:Anthony Lucia
  • 2
3 Comments
 
LVL 28

Expert Comment

by:becraig
ID: 39945892
The concept works this way:

1 A key (cert) is generated and the server Access Control list is updated to include the key

2 When the client connects to the server if a client ssl is required the client checks it's store for the relevant cert (Current user if user based - local machine if computer based)

3 In most instances serial or thumbprint or both or other aspects are matched and the server authenticates the client.

Since certificate based authentication is key pair based the client may in some instances have both the public and private keys, while the server would have a copy of the public or the thumbprint etc depending on how this is designed.


See here for more detailed info:
http://docs.oracle.com/cd/E19424-01/820-4811/aakhe/index.html
0
 

Author Comment

by:Anthony Lucia
ID: 39946000
Regarding the following:

1 A key (cert) is generated and the server Access Control list is updated to include the key

Open in new window


How does this happen.  Is this a manual process, and is the user cert preloaded or forcibly loaded into the server SSL (kind of like the cert authority in regular SSL)  ?
0
 
LVL 28

Accepted Solution

by:
becraig earned 500 total points
ID: 39946051
Any number of ways:

If this is a server to server call, the client server can simply request a certificate from a publicly trusted CA and then share the public key with the Web server requiring client auth.

This can also be done in an enterprise environment by having the Enterprise CA issue the certificate for the clients.

It all depends on the model you wish to implement:
Internal or external solution
Server to server or user to server.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now