Client Certificate signed by CA
Hi All,
I'm interfacing with a bank API that requires a client certificate (signed by a third party CA) to be attached for certain requests (EG: initiating an ACH transaction). My code will be deployed in the form of a DLL to multiple desktops within our office which can then be used by another windows application.
So a few questions based around this:
Is it possible to configure all the clients to use the same hostname or does that present issues? (We're natted, but we also have redundant internet connections so I'm worried about the source IP).
if it's just an X509 Certificate, is that the same thing as the coding certificate or is there some other kind of cert used for clients?
Best vendor for the kind of certificate needed?
Thanks in advanced.
I'm interfacing with a bank API that requires a client certificate (signed by a third party CA) to be attached for certain requests (EG: initiating an ACH transaction). My code will be deployed in the form of a DLL to multiple desktops within our office which can then be used by another windows application.
So a few questions based around this:
Is it possible to configure all the clients to use the same hostname or does that present issues? (We're natted, but we also have redundant internet connections so I'm worried about the source IP).
if it's just an X509 Certificate, is that the same thing as the coding certificate or is there some other kind of cert used for clients?
Best vendor for the kind of certificate needed?
Thanks in advanced.
I am guessing that it is some sort of client authentication certificate
https://www.digicert.com/client-certificates/ which identifies the user, so each user that requires access must have their own certificate
https://www.digicert.com/client-certificates/ which identifies the user, so each user that requires access must have their own certificate
ASKER
Hi David,
I'm going to take a look into that. Thinking we might be able to get away with one for the company . . . just use the same certificate per person, and have the application control who has access.
Still very early in the research phase, will let you know what I find but thanks for the lead.
-Kyle
I'm going to take a look into that. Thinking we might be able to get away with one for the company . . . just use the same certificate per person, and have the application control who has access.
Still very early in the research phase, will let you know what I find but thanks for the lead.
-Kyle
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much for the information. I have a call today at 2:00 PM with digicert to get more information from them. I'm thinking we can literally use the same cert and just keep the (virtual) user the same.
Unfortunately no AD here as of yet - one of the many to dos on my list.
Will post back with the info that I find - but really appreciate the clarifications.
Unfortunately no AD here as of yet - one of the many to dos on my list.
Will post back with the info that I find - but really appreciate the clarifications.
ASKER
After talking with support it was confirmed that all we need is a client certificate and if we don't care about who is invoking the API we can get away with one client cert. Thanks very much for the information.
When they say they require a client certificate they should be explicit on what type of certificate they require.