Re: require client certificates SSL
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Tue, 9 May 2006 17:34:54 +0200
Almost anything is possible ;-)
--
Mike
Microsoft MVP - Windows Security
"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in message
news:ehwUSU3cGHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
So it is impossible :-)
Fré
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:%23%232tSJ3cGHA.3472@xxxxxxxxxxxxxxxxxxxxxxx
Then you have a lot of work to do. If you want to set up your own CA
server (related articles are listed in my previous article) you have to
think how users (or you) will safely generate requests and then how you
will transfer certificates with private key to users (again in safe way).
In the end you will also have to think how to make these users trust you
CA server.
This is something that you can avoid if you use commercial CA server like
Verisign or Thawte since users already trust these CA servers.
--
Mike
Microsoft MVP - Windows Security
"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in message
news:%231$yXL2cGHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
The users will not be part of the domain.
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:OwVsn5rcGHA.3888@xxxxxxxxxxxxxxxxxxxxxxx
It depends. Would these users be part of your domain? If yes then the
best answer is by using Microsoft Enterprise CA server.
Here are some articles on how to set up Microsoft CA and how to deploy
certificates to users.
Best Practices for Implementing a Microsoft Windows Server2003 Public
Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Implementing and Administering Certificate Templates in Windows Server
2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
--
Mike
Microsoft MVP - Windows Security
"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in
message news:eDuCd3mcGHA.3472@xxxxxxxxxxxxxxxxxxxxxxx
And how do I have to make a client certificate?
Fré
"Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx> wrote in message
news:e3GAIDHcGHA.1264@xxxxxxxxxxxxxxxxxxxxxxx
If you enable that option the users will have to authenticate with
user's certificate. This also means that you will have to deploy
client certificate to any users that will need to access your web
server.
--
Mike
Microsoft MVP - Windows Security
"Frederik Vanderhaeghe" <frederikvanderhaeghe@xxxxxxxxx> wrote in
message news:eKLs$WFcGHA.1320@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I made a certificate with SelfSSL and it is added to the site.
I see the option 'require client certificates', what does that mean?
How can
it be initiated?
Fré
.
- References:
- require client certificates SSL
- From: Frederik Vanderhaeghe
- Re: require client certificates SSL
- From: Miha Pihler [MVP]
- Re: require client certificates SSL
- From: Frederik Vanderhaeghe
- Re: require client certificates SSL
- From: Miha Pihler [MVP]
- Re: require client certificates SSL
- From: Frederik Vanderhaeghe
- Re: require client certificates SSL
- From: Miha Pihler [MVP]
- Re: require client certificates SSL
- From: Frederik Vanderhaeghe
- require client certificates SSL
- Prev by Date: Re: require client certificates SSL
- Next by Date: Re: require client certificates SSL
- Previous by thread: Re: require client certificates SSL
- Next by thread: Re: Password protect web page
- Index(es):
Relevant Pages
|
