Re: client certificates

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/07/05

• Next message: Kevin Spencer: "Re: How to run aspnet with system account"
• Previous message: [MSFT]: "RE: client certificates"
• In reply to: Shaun Wilde: "client certificates"
• Next in thread: Shaun Wilde: "Re: client certificates"
• Reply: Shaun Wilde: "Re: client certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 6 Apr 2005 22:43:53 -0500

I'm not sure if you can do #1 with client certificates as that is handled by
the client, not the server. There is a new IE 6 DOM method that allows you
to clear client credentials, but I'm not sure if that works with
certificates and it only supports that browser.

Regarding #2, I don't understand what you mean. Are you trying to sign some
data with the user's private key? To do that, you'll need code running on
their workstation (.NET control or ActiveX). You don't have the user's
private key on the server, so you can't sign anything server side.

Can you explain more?

Joe K.

"Shaun Wilde" <shaun_wilde@nospam.nospam> wrote in message
news:OqKGcdtOFHA.3072@TK2MSFTNGP09.phx.gbl...
>I am authenticating users to a site using client certificates and all is
> well
> except for a few issues.
>
> #1) Once a browser has been challenged, if the user leaves the site in the
> same browser and then returns the browser isn't recallenged even if the
> session has expired. Is there a way to force a rechallenge?
>
> #2) If I want to use the certificate to sign some data I'd like the user
> to
> present the password again to their certificate (to avoid the popped to
> toilet security scenario), this is for critical processes.
>
> I tried opening up child windows etc however it seems that parent/child
> windows share this authentication information by default and I can't see
> how
> to stop that?
>
> Thankx
>
> Shaun Wilde
>
>

---

• Next message: Kevin Spencer: "Re: How to run aspnet with system account"
• Previous message: [MSFT]: "RE: client certificates"
• In reply to: Shaun Wilde: "client certificates"
• Next in thread: Shaun Wilde: "Re: client certificates"
• Reply: Shaun Wilde: "Re: client certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: copy files from internet using authenticate certificates ... Just use ASP.NET on the server, configure your IIS server to use SSL and ... require client certificates. ... you'll need some kind of software that runs when the laptop ... > How I need to use these certificates is the confusing part. ... (microsoft.public.dotnet.general) RE: certificates ... Try installing the Root CA Certificates for both of your Certificate ... use certificates from either CA to authenticate to either Web server. ... |>client certificates generated with Cert ... (microsoft.public.inetserver.iis.security) Re: Digital Certificate Implementation TN3270 ... Client certificates allow the server to authenticate the client. ... The use of client certificates has no bearing whatsoever on the prevention of man-in-the-middle attacks. ... To prevent this kind of attack with a mainframe emulation, you need to make sure that your client: ... (bit.listserv.ibm-main) Certificate Server Hierchy Question ... I am trying to set up a website that will require client certificates and I ... Server Certificate Server but I am a little bit unsure on the hierchy of the ... can the Subordinate Root be on the same server as the web ... (microsoft.public.win2000.security) Howto get ssl client certificates working in my setup? ... I'm trying to get client certificates working on two of my systems. ... Certificate server is installed on TS, ... Browser is IE6. ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)