Re: standalone CA customized certificate



More questions inline...

In article <6B07D5F8-DB2E-4AD5-83AA-2CE1D88F4E7B@xxxxxxxxxxxxx>,
SunilVirmani@xxxxxxxxxxxxxxxxxxxxxxxxx says...
Brian,

I am sorry because of my limited knowledge. Let me explain the architecture
of my software.

My software is divided into 3 parts:

Terminal Software - runs on the thin terminal
Management Server - runs on a Windows 2003 server
VPC Software - runs on the virtual PC


Who wrote the management server? This is the key to
whether your application would work. I know of no
management server software that does what you want with
certs today.

1. To connect to the VPC, the thin client has to run the Terminal Software.
2. The Terminal Software has to pass the serial number and processor type to the
Mgmt Server.

3. The Management Server will authenticate the information passed.
4. Once the mgmt server authenticates the client, it will send a message to the
VPC agent to open the RDP port.

This is not the way VPC would work. You would only be
connecting to the VPC agent using the RDP port? If you
are using this, the only attribute of the certificate
that is looked at is the EKU attribute and it must have
the Client Authentication OID. In addition, the RDP
client is hard coded to *only* look for smart card-based
client authentication certs, definitely not machine
certs...


Thus only a thin terminal authenticated by the VPC is able to connect to the
virtual PC.

Now, while passing the serial number and processor type in step 2, I want to
pass this information encrypted using the private key of the machine certificate.
So now the server can verify the information is sent by the right machine.

You are reinventing the wheel. The RDP connection can
use TLS to encrypt the information. You have the key
exchange backwards. When you connect to a server, you
validate the server certificate. The server certificate
is used to protect a symmetric key that is used to
encrypt any data. A client machine certificate is never
used to protect data. It is the responsibility of the
server cert.


Please let me know if you have any question.

Your architecture seems to be flawed. Look to standards,
rather than creating your own solution.


<snip>
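As an added illustration that is not part of this thread, the example below separates the two roles the reply distinguishes: TLS (driven by the server certificate) keeps the channel confidential, while the only thing a client machine certificate's private key can do for step 2 is sign the serial number and processor type so the management server can check who sent them. The key pair, nonce, serial and CPU values are constructed stand-ins; in a real deployment the public key would come from the terminal's certificate after it is validated against the standalone CA.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Attestation is what the terminal sends in step 2: the identifiers, the
// server-issued nonce they were signed over, and the signature itself.
type Attestation struct {
	Serial, CPU string
	Nonce       []byte
	Sig         []byte
}

// digest length-prefixes every field so that "AB"+"C" and "A"+"BC" cannot
// produce the same hash input.
func digest(serial, cpu string, nonce []byte) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(serial), []byte(cpu), nonce} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Sign runs on the terminal with the private key of its machine certificate.
func Sign(priv *ecdsa.PrivateKey, serial, cpu string, nonce []byte) (Attestation, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(serial, cpu, nonce))
	return Attestation{serial, cpu, nonce, sig}, err
}

// Verify runs on the management server. It accepts only a signature over the
// exact nonce it issued, so a captured message cannot be replayed later.
func Verify(pub *ecdsa.PublicKey, issued []byte, a Attestation) bool {
	if !bytes.Equal(issued, a.Nonce) {
		return false
	}
	return ecdsa.VerifyASN1(pub, digest(a.Serial, a.CPU, a.Nonce), a.Sig)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key pair
	nonce := make([]byte, 16)
	rand.Read(nonce) // server issues a fresh nonce per connection attempt
	a, _ := Sign(priv, "SN-0001", "x86", nonce)
	fmt.Println("valid:", Verify(&priv.PublicKey, nonce, a))
	a.Serial = "SN-9999" // altered in transit
	fmt.Println("tampered:", Verify(&priv.PublicKey, nonce, a))
}
```

Note that nothing here is secret: the signature proves origin and integrity, and confidentiality still comes from the TLS session the reply points to.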


