Re: How do I make a local machine client certificate available to all users?
- From: "Assimalyst" <c_oxtoby@xxxxxxxxxxx>
- Date: 8 Nov 2006 01:51:52 -0800
I will elaborate on the situation as i am still a little unclear on the
bets course of action.
I have Windows server 2003 SP1 running a website. I want to allow only
specific machines to access this website over the internet. They will
likely originate from 1 or 2 IP addresses, belonging to bureau of
machines, where users may be using different machines within the bureau
day to day.
Ideally i would like to be able to track which machines are logged on,
and which user is logged on with that machine. I can track users
through the website, but am not so sure how to track the machine.
I thought by using client certificates that the machine could be
tracked, but the certificate is installed on a per user basis. I found
i was able to install on the local machine certificate store, but the
certificate still needed to be installed per user for them to gain
access to the website.
Any comments would be much appreciated.
Assimalyst wrote:
Hi David,
Thank you for your response.
Yes, the intention is to allow a machine access regardless of user, the
website has a user login to track that.
So it seems client certificates are not the way to go on this? I will
look into IPSec, but of course any further comments are always welcome.
Thanks again
David Wang wrote:
What are you trying to accomplish?
Are you trying to install one client certificate on machine and have
all users logged into that machine automatically use that certificate
to make a SSL request to your server? Because if so, what you want is
very contrary to the whole security design of a client certificate.
The whole purpose of client certificate is proof of identity. If you
have multiple users that can use the same certificate, you might as
well not bother requiring client certificates in the first place.
Unless you are trying to enforce the requirement that only certain
machines with client certificates, used by anyone, can access your
server, but you can do that in other ways, like with IPSec.
So... can you please describe what you are actually trying to do?
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
Assimalyst wrote:
Hi,
Using Windows Server 2003, i have set up a standalone certificate
using the certsrv tools.
When a client machine registers you can use the advanced form to 'Store
Certificate in Local Computer Certificate Store'.
This all works as intended when the client machine registers, but when
a user logs on to the site using IE6 they still are met with the 'The
page requires a client certificate' web page.
I know i can export the local machine store certificate and then import
per user through IE, but is there an easier way to do it? Ideally i
want all users on a particular machine to automatically use the local
computer stored certificate without need for individual IE install.
Thanks for your help.
.
- Follow-Ups:
- References:
- Prev by Date: Re: How do I make a local machine client certificate available to all users?
- Next by Date: Re: How do I make a local machine client certificate available to all users?
- Previous by thread: Re: How do I make a local machine client certificate available to all users?
- Next by thread: Re: How do I make a local machine client certificate available to all users?
- Index(es):
Relevant Pages
|
