Re: Client Certificates

From: Bernd Eckenfels (ecki-news2002-08@lina.inka.de)
Date: 08/30/02


From: Bernd Eckenfels <ecki-news2002-08@lina.inka.de>
Date: 30 Aug 2002 09:18:08 GMT

In comp.security.unix Ryan <mattycruft@daemons.net> wrote:
> When using client certifcates to validate clients, what
> mechanisms exist to prevent someone from stealing a cert,
> and pretending to be someone else? I am trying to figure
> out the most secure way to verify clients when they are
> using client side certs.

you must store them on a smart card or other type of secure token.

Greetings
Bernd