You should set up your server to do a man-in-the-middle attack defense.
Check that the IP address stored in the cert (could be stored in the common
name field) corresponds to the IP address of the peer trying to connect to
your server.  That way someone elsewhere using an exported certificate
will fail to connect because they don't hold the correct IP.


----- Original Message -----
From: "werner fraga" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 28, 2001 1:38 PM
Subject: can we prevent export of a personal certificate?


> we are using openssl to issue personal certificates to
> our employees so that we can restrict access to our
> website.
>
> we would like to prevent users from moving these certs
> from their PC to another PC.
>
> is there any way to tag these certificates so that a
> browser will refuse to export them?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
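
The check described in the reply, as an added example that is not part of the original thread: it compares the connecting address with the IP addresses named in an already-validated client certificate, assuming a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()` and a server that sees the client's real address (no NAT or proxy in between). It goes slightly beyond the reply by also accepting subjectAltName IP entries; the function names and sample values are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "192.0.2.10"),)),
}

def _normalise(addr):
    """Parse an address string; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def cert_ips(cert):
    """Collect IPs from commonName and subjectAltName 'IP Address' entries."""
    candidates = [value for rdn in cert.get("subject", ())
                  for key, value in rdn if key == "commonName"]
    candidates += [value for kind, value in cert.get("subjectAltName", ())
                   if kind == "IP Address"]
    ips = set()
    for text in candidates:
        try:
            ips.add(_normalise(text))
        except ValueError:
            pass  # this commonName holds a name, not an address
    return ips

def peer_matches_cert(cert, peer_addr):
    """True only if the connecting address is one the certificate names.

    Assumes the TLS layer already verified the chain (ssl.CERT_REQUIRED);
    peer_addr is the first element of socket.getpeername().
    """
    if not cert:
        return False  # no client certificate was presented
    try:
        peer = _normalise(peer_addr)
    except ValueError:
        return False  # unparseable peer address: fail closed
    return peer in cert_ips(cert)

if __name__ == "__main__":
    for addr in ("192.0.2.10", "::ffff:192.0.2.10", "198.51.100.7"):
        print(addr, "->", "accept" if peer_matches_cert(SAMPLE_CERT, addr) else "reject")
```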
