Re: require client certificates SSL



I read that a client certificate can be made by exporting the certificate on
the server. If I give that certificate to the clients, by just e-mailing
them, and they install the certificate, will they trust my CA server then?
Or am I forgetting something?

Fré

"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in message
news:%23NWVwZ3cGHA.2068@xxxxxxxxxxxxxxxxxxxxxxx
Or how long would you think this would take to set up?

Fré

"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in message
news:ehwUSU3cGHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
So it is impossible :-)

Fré

"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:%23%232tSJ3cGHA.3472@xxxxxxxxxxxxxxxxxxxxxxx
Then you have a lot of work to do. If you want to set up your own CA
server (related articles are listed in my previous article) you have to
think about how users (or you) will safely generate requests and then how
you will transfer certificates with the private key to users (again in a
safe way). In the end you will also have to think about how to make these
users trust your CA server.

This is something that you can avoid if you use a commercial CA server
like Verisign or Thawte, since users already trust these CA servers.

--
Mike
Microsoft MVP - Windows Security

"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in
message news:%231$yXL2cGHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
The users will not be part of the domain.


"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:OwVsn5rcGHA.3888@xxxxxxxxxxxxxxxxxxxxxxx
It depends. Would these users be part of your domain? If yes, then the
best answer is to use a Microsoft Enterprise CA server.

Here are some articles on how to set up Microsoft CA and how to deploy
certificates to users.

Best Practices for Implementing a Microsoft Windows Server 2003 Public
Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

Implementing and Administering Certificate Templates in Windows Server
2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

--
Mike
Microsoft MVP - Windows Security

"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in
message news:eDuCd3mcGHA.3472@xxxxxxxxxxxxxxxxxxxxxxx
And how do I have to make a client certificate?

Fré

"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:e3GAIDHcGHA.1264@xxxxxxxxxxxxxxxxxxxxxxx
If you enable that option, the users will have to authenticate with
a user certificate. This also means that you will have to deploy
client certificates to any users that will need to access your web
server.

--
Mike
Microsoft MVP - Windows Security

"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in
message news:eKLs$WFcGHA.1320@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I made a certificate with SelfSSL and it is added to the site.
I see the option 'require client certificates', what does that
mean? How can it be initiated?

Fré
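
The steps named in Miha Pihler's reply (generate the request safely, have the CA issue the certificate, distribute the CA certificate as the trust anchor), sketched with the OpenSSL command line as an added example that is not part of the original thread. OpenSSL stands in here for the Microsoft CA the thread discusses, every subject and file name is constructed, and the final check shows that a certificate issued only for server authentication is rejected when presented as a client certificate.

```bash
#!/usr/bin/env bash
# Added example; all names, subjects and file names are constructed.

# Build a throwaway private CA in directory $1 and issue a client and a server cert.
build_pki() {
  ( set -e; cd "$1"
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
    # CA side: self-signed root. ca.crt (never ca.key) is the trust anchor to distribute.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Example Private CA" -keyout ca.key -out ca.crt 2>/dev/null
    for role in client server; do
      # Requester side: key pair and CSR are created locally; only the CSR goes to the CA.
      openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=example-$role" -keyout "$role.key" -out "$role.csr" 2>/dev/null
      # CA side: sign the CSR and stamp the intended purpose (EKU) into the certificate.
      openssl x509 -req -in "$role.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile pki.cnf -extensions "${role}_ext" -out "$role.crt" 2>/dev/null
    done )
}

# Succeeds only if cert $2 chains to $1/ca.crt AND is valid for TLS client authentication.
usable_as_client_cert() {
  openssl verify -CAfile "$1/ca.crt" -purpose sslclient "$1/$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_pki "$demo_dir"
for c in client.crt server.crt; do
  if usable_as_client_cert "$demo_dir" "$c"; then echo "$c: accepted for client auth"
  else echo "$c: rejected for client auth"; fi
done
```

In this layout the private key file for each role is written next to its CSR only because the demo runs on one machine; in a real deployment the key stays on the requester's system and only the `.csr` and the signed `.crt` are exchanged.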

















