SSL vs. SSL Client authentication configuration

Posted on 2014-03-27
Last Modified: 2014-03-28
In SSL client auth, the client sends a cert to the server, and the server checks its ACL to see if it has a matching cert; if so, it allows the client to continue.

In SSL, the handshake is more complex, but basically ends up with a Server ACL of certs with private keys, and the client sends a cert that hopefully matches one in the ACL.

My question is: is there anything you have to do differently to set up SSL client auth that you do NOT have to do when setting up SSL?

To put it another way, is the 'set up' the same for both SSL and SSL client auth?

Thanks
Question by:Anthony Lucia
Expert Comment

by:becraig
ID: 39960363
Setting up SSL for your website / endpoint is a bit simpler, in that you simply request the certificate and bind it to the relevant website.

E.g., here is a link to the IIS site explaining how to request, accept and bind an SSL cert to a website:
http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

SSL client auth is slightly more complicated, in that you have to determine the model:
If it is user to server, you could have the private key reside on the server and distribute the public key to users.

If it is a server to server call, it could be a situation where the server calling into your application has its private key and gave you a copy of the public key so you can validate that it is the calling server.

There are many client SSL scenarios (a few are linked below):

http://technet.microsoft.com/en-us/library/cc732996%28v=ws.10%29.aspx

The link above will outline three scenarios.

Map Client Certificates One-to-One (IIS 7)
Map Client Certificates Many-to-One (IIS 7)
Map Client Certificates by Using Active Directory Mapping (IIS 7)


Server SSL for https is a straightforward thing: the certificate pair is present on the Web server, so the traffic is encrypted between user and server, since the server is the only one with the private key to complete the handshake.



Client SSL can be any one of a number of scenarios as outlined above.
Author Comment

by:Anthony Lucia
ID: 39960403
If I am assuming a client to server situation (let's just say a single client at this time),

is the configuration for SSL client auth identical to SSL?

Many Thanks
Accepted Solution

by:
becraig earned 2000 total points
ID: 39960416
No, the configuration would not be.

You would have to configure IIS to expect the client certificate and indicate what cert to accept.


This tells you how to set up client certs in IIS 7:

http://technet.microsoft.com/en-us/library/cc753983%28v=ws.10%29.aspx
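
The difference described in the accepted answer, sketched as an applicationHost.config fragment for a one-to-one mapping. This is an added example, not part of the original posts or the linked Microsoft articles; the site names, account name, password and certificate value are placeholders.

```xml
<!-- Added illustration for applicationHost.config; all names and values are placeholders. -->

<!-- Server SSL only: the HTTPS binding carries the server certificate,
     and the site just requires SSL. No client certificate is requested. -->
<location path="ExampleSite-ServerSslOnly">
  <system.webServer>
    <security>
      <access sslFlags="Ssl" />
    </security>
  </system.webServer>
</location>

<!-- SSL client auth: same HTTPS binding, plus the two extra steps from the answer. -->
<location path="ExampleSite-ClientCert">
  <system.webServer>
    <security>
      <!-- 1. Expect a client certificate: negotiate one and reject requests without it. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <anonymousAuthentication enabled="false" />
        <!-- 2. Indicate which certificate to accept and which Windows account it maps to. -->
        <iisClientCertificateMappingAuthentication enabled="true"
            oneToOneCertificateMappingsEnabled="true">
          <oneToOneMappings>
            <add enabled="true"
                 userName="PLACEHOLDER_ACCOUNT"
                 password="PLACEHOLDER_PASSWORD"
                 certificate="PLACEHOLDER_BASE64_OF_CLIENT_PUBLIC_CERTIFICATE" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

The `certificate` attribute holds only the client's public certificate; the matching private key stays on the client. The client certificate must also chain to a CA the server trusts, otherwise the request is rejected before the mapping is consulted.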