Re: Client Certificates

From: Bernd Eckenfels <ecki-news2002-08@lina.inka.de>
Date: 30 Aug 2002 09:18:08 GMT

In comp.security.unix Ryan <mattycruft@daemons.net> wrote:
> When using client certificates to validate clients, what
> mechanisms exist to prevent someone from stealing a cert,
> and pretending to be someone else? I am trying to figure
> out the most secure way to verify clients when they are
> using client side certs.

You must store them on a smart card or other type of secure token.

Greetings
Bernd
