On 14/07/2021 13:31, Matt Caswell wrote:
>
>
> On 13/07/2021 19:44, Christian Schmidt wrote:
>> Hello all,
>>
>> I am currently trying to build both client and server of an application
>> that uses TLS 1.3 and mutual authentication using certificates. The
>> application works so far - I can
On 13/07/2021 19:44, Christian Schmidt wrote:
Hello all,
I am currently trying to build both client and server of an application
that uses TLS 1.3 and mutual authentication using certificates. The
application works so far - I can establish connections, certificates are
verified, data is
Hello all,
I am currently trying to build both client and server of an application
that uses TLS 1.3 and mutual authentication using certificates. The
application works so far - I can establish connections, certificates are
verified, data is successfully transmitted, etc.
However, I have an
thing you want to pass to
SSL_CTX_set_client_CA_list(3)
See the docs. Some clients (IIRC Java's TLS stack) don't send any
client certificates unless the server solicits a certificate from
a matching CA, and leaving the list empty may not work for such
clients.
--
Viktor.
--
openssl-users mailing list
gt; On Sep 11, 2018, at 2:09 AM, Armen Babikyan
> wrote:
> >
> > I have a question regarding openssl and verification of client
> certificates. Is there a way to have an openssl-enabled server ask for a
> client certificate, and when it receives one it can't verify, ra
> On Sep 11, 2018, at 2:09 AM, Armen Babikyan wrote:
>
> I have a question regarding openssl and verification of client certificates.
> Is there a way to have an openssl-enabled server ask for a client
> certificate, and when it receives one it can't verify, rather than
Hello,
I have a question regarding openssl and verification of client
certificates. Is there a way to have an openssl-enabled server ask for a
client certificate, and when it receives one it can't verify, rather than
immediately terminating the handshake, it would allow the connection, but
pass
ttings
allows the reading of Md5 Client certificates (which are still being
installed in "not released yet" phones)
I am almost concerned this is being done intentionally to meet some
security downgrade requirement. I the more reason to only use this cert
to bootstrap your own cer
Hi
thanks for all the comments and suggestions, especially the ones I could
understand
centos 7
yum upgrade
openssl version gives:
OpenSSL 1.0.2k-fips 26 Jan 2017
it looks like
echo 'LegacySigningMDs md5' >> /etc/pki/tls/legacy-settings
allows the reading of Md5 Client certif
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Wednesday, September 27, 2017 13:15
> To: OpenSSL Users
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> >
> > Heck, MD4 and MDC
On 09/27/2017 10:10 PM, Michael Wojcik wrote:
> On Behalf Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos
>
>
FIPS mode is a policy decision in my opinion also but since RedHat prides
itself in security e.g. SELinux, etc. I believe that is a RedHat decision
as opposed to the OpenSSL community. The alternative would be to use a
different Linux distro like Ubuntu, etc. which does not compile their
OpenSSL
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos:
>
> Ugh. No need for 0.9.8e (which is from, what, the early Industrial
> Revolution?). MD5 is still available in OpenSSL
rs@openssl.org
> > Subject: Re: [openssl-users] Hardware client certificates moving to
> Centos 7
> >
> > I don't know offhand which OpenSSL versions did away with MD5, but you
> > *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
> > straight off Ce
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> I don't know offhand w
On 09/27/2017 02:07 PM, Stuart Marsden wrote:
> Is there a way a can install a version of openssl on a dedicated standalone
> Centos 7 server which will support these phones?
> That would be preferable to me than having to leave Centos 6 servers just
> for this
I don't know
On 09/27/2017 08:07 AM, Stuart Marsden wrote:
Hi
I think I know what you are going to say - MD5?
Lots of problems with that cert. If you have some connection with the
vendor, have them read IEEE 802.1AR-2009 standard for Device Identity
credentials. You will be supporting this phone
Hi
I think I know what you are going to say - MD5?
I ran openssl s_server -verify , then ran the x509 command as you suggested
using the captured client certificate
This phone model has only just gone into production, and I am using a "preview
version" of the hardware
Is there a way a can
On 09/26/2017 08:04 PM, Kyle Hamilton wrote:
openssl x509 -noout -text -in clientcertificate.pem
You may need to extract the client certificate from wireshark, but you
could also get it from openssl s_server.
Specifically, that error message is suggesting that there's a message
digest
openssl x509 -noout -text -in clientcertificate.pem
You may need to extract the client certificate from wireshark, but you
could also get it from openssl s_server.
Specifically, that error message is suggesting that there's a message
digest encoded into the certificate which is unknown to the
On 09/26/2017 11:26 AM, Stuart Marsden wrote:
Hi
I have Centos/Apache servers for securely provisioning IP phones using hardware
client certificates embedded in the phones.
for this test I have allowed all protocols and ciphers
on Centos 6 this works fine, the rpms are:
openssl098e-0.9.8e
Sorry how can I tell ?
I can run a wireshark if necessary
thanks
> On 26 Sep 2017, at 16:36, Wouter Verhelst wrote:
>
> On 26-09-17 17:26, Stuart Marsden wrote:
>> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding
>>
On 26-09-17 17:26, Stuart Marsden wrote:
> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding
> routines:ASN1_item_verify:unknown message digest algorithm
So which message digest algorithm is the client trying to use?
--
Wouter Verhelst
--
openssl-users mailing list
To
Hi
I have Centos/Apache servers for securely provisioning IP phones using hardware
client certificates embedded in the phones.
for this test I have allowed all protocols and ciphers
on Centos 6 this works fine, the rpms are:
openssl098e-0.9.8e-20.el6.centos.1.x86_64
openssl-1.0.1e-57.el6
On Tue, 6/17/14, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
Subject: Re: mod_ssl - client certificates broken after yum update of openssl
To: openssl-users@openssl.org
Date: Tuesday, June 17, 2014, 10:53 PM
On Tue, Jun 17, 2014 at
06:48
-CAfile /home/ssl/ca_master
You need to use either the -verify or the -Verify option to
request or demand client certificates. The sever should be using
the server certificate, not the client certificate.
Then use s_client with a suitable certificate.
Signature Algorithm
On Wed, 6/18/14, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
Subject: Re: mod_ssl - client certificates broken after yum update of openssl
To: openssl-users@openssl.org
Date: Wednesday, June 18, 2014, 11:08 AM
On Wed, Jun 18, 2014 at
07
Perfectly working VM running Amazon Linux with Apache and mod_ssl configured
for client certificates.
Ran yum update to get the latest openssl (OpenSSL 1.0.1h-fips 5 Jun
2014)/mod_ssl(2.2.27 )/httpd(2.2.27) security updates from Amazon's yum
repository.
Now the client certificate checks
On Tue, Jun 17, 2014 at 06:48:28PM -0700, Nelson wrote:
Perfectly working VM running Amazon Linux with Apache and mod_ssl
configured for client certificates.
Ran yum update to get the latest openssl (OpenSSL 1.0.1h-fips 5
Jun 2014)/mod_ssl(2.2.27 )/httpd(2.2.27) security updates from
: Thursday, July 26, 2012 6:42 PM
To: openssl-users@openssl.org
Subject: Re: Help with client certificates
On Wed, Jul 25, 2012, Fili, Tom wrote:
I'm trying to setup my application to allow for the use of client
certificates. I am using the capi engine to pull from the Windows
store.
I setup my ssl
I'm trying to setup my application to allow for the use of client
certificates. I am using the capi engine to pull from the Windows store.
I setup my ssl connection and it works fine if I set the correct
certificate using SSL_CTX_use_certificate_ASN1
ENGINE_load_private_key.
From what I've read
I need to figure out which client certificates are issued by valid CAs
(according to the server).
I set a callback with SSL_CTX_set_client_cert_cb
In the callback I get the list of CAs from the server with
STACK_OF(X509_NAME) *pX509Names = SSL_get_client_CA_list(ssl)
Now I have
On Wed, Jul 25, 2012, Fili, Tom wrote:
I'm trying to setup my application to allow for the use of client
certificates. I am using the capi engine to pull from the Windows store.
I setup my ssl connection and it works fine if I set the correct
certificate using SSL_CTX_use_certificate_ASN1
Certificate Request
Server Hello Done
Client: client never responds
Wrong ciphersuite. Client certificates cannot be requested by anon DH
ciphersuites.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
I just want to wrap up my problem so that others can learn from my
ignorance:
Squid's logs aren't very verbose, so I only got SSL unknown certificate
error 12 , when it suddenly wouldn't accept my client certificates
anymore.
That's the same error you get when a certificate has expired
I am using squid as a reverse proxy with client certificates and
everything was working fine for a month.
But after 02 MAR 2012 17:56 CET client certificates stopped working even
though my self signed ca and certificates are valid way longer.
I think it might be an openssl problem, but feel free
I probably shouldn't have posted so hastily.
Now I think that it it more of a squid problem, because if I put stunnel
in front of it, stunnel handels the certificates fine.
pfSense 2.0.1 (FreeBSD 8.1-RELEASE-p6)stunnel-4.35 openssl-1.0.0_5
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 12:03 -0800:
* Steffen asked...
...on this level
[thanks a lot again for all the clarifications: authentication
levels, authentication-agnostic, URI-dependent certificates,
bugfix because missed intention, MITM tricks twitter to decrypt
and
: there is
no way for a man in the middle to attack in the presence of mutual
authentication.
I thought this data injection attack fails when client
certificates would be used correctly.
It does, in the event that the server configuration does not allow for
non-client-certificated connections in any
this how TLS is intended to be used and the `add a
certificate based on a directory' just some hack because the
user interfaces are as they are (and that are passwords and
BasicAuth when it comes to HTTP/HTTPS)?
I thought this data injection attack fails when client
certificates would be used
Hi,
thank you too for the detailed explanation. But the impact on
the client certificates (and its correct validation etc) is not
clear to me (so I ask inline in the second half of this mail).
* Kyle Hamilton wrote on Mon, Jan 11, 2010 at 14:28 -0800:
The most succinct answer
Responses inline. :)
On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER steffen.dett...@ingenico.com
wrote:
Hi,
thank you too for the detailed explanation. But the impact on
the client certificates (and its correct validation etc) is not
clear to me (so I ask inline in the second half
Hi All,
I am absolutely new to this world of SSL, as will be evident from my
confusions and questions.
I am trying to write a client that will securely connect to N web
servers every T seconds, and retrieve a document: info.txt.
To test it, I wrote the following code (borrowed from:
Rij wrote:
Hi All,
I am absolutely new to this world of SSL, as will be evident from my
confusions and questions.
I am trying to write a client that will securely connect to N web
servers every T seconds, and retrieve a document: info.txt.
To test it, I wrote the following code
From: [EMAIL PROTECTED] On Behalf Of Felix Ingram
Sent: Saturday, 04 October, 2008 10:27
2008/10/4 Dave Thompson [EMAIL PROTECTED]:
The actual failure is the alert 48 unknown ca from the server.
Apparently it doesn't like the cert (or chain) s_client is sending,
but the protocol doesn't
From: [EMAIL PROTECTED] On Behalf Of Felix Ingram
Sent: Tuesday, 30 September, 2008 10:08
I'm having a little trouble testing out some web services for a
client. They have provided us with a couple of pfx certificate files
to allow us to authenticate to their web servers. snip
openssl
Hi Dave,
2008/10/4 Dave Thompson [EMAIL PROTECTED]:
From: [EMAIL PROTECTED] On Behalf Of Felix Ingram
Sent: Tuesday, 30 September, 2008 10:08
I'm having a little trouble testing out some web services for a
client. They have provided us with a couple of pfx certificate files
to allow us to
2008/10/1 vinni rathore [EMAIL PROTECTED]:
Hello,
As your problem says that you are getting local issuer certificate
problem that means that client certificate is signed with a particular
CA certificate and that certificate is not found at the time of
Handshaking.. so please confirm that
Hi Felix
Felix Ingram wrote:
2008/10/1 vinni rathore [EMAIL PROTECTED]:
Hello,
As your problem says that you are getting local issuer certificate
problem that means that client certificate is signed with a particular
CA certificate and that certificate is not found at the time of
Hello all,
I'm having a little trouble testing out some web services for a
client. They have provided us with a couple of pfx certificate files
to allow us to authenticate to their web servers. I can import this
into IE and connect to the site without any trouble but when I try and
use s_client I
Hi ALL,
Is there any function to load multiple client certificates ?
Consider the case that
There
are multiple certificates to client
It
should chose one of the certificate appropriate for particular server .
It
depends the server CA list sent by server.
Please
Konark wrote:
Hi ALL,
Is there any function to load multiple client certificates ?
Consider the case that
There are multiple certificates to client
It should chose one of the certificate
appropriate for particular server
Eric Wertz wrote:
As far as the (re)distribution question has goes, what you probably
cannot do without permission is to redistribute the actual *package* of
certificates that Netscape has put together for the purpose of
embedding
in their browser. Since the overwhelming majority (if
I want to do a commercial client application capable
to handle https (that is the only purpose to include
openssl) and I was wondering if it is legal to
distribute the file that contains the certificates
that were bundled with Netscape.
I am not a lawyer.
Actyally, can a company X generate
I want to do a commercial client application capable
to handle https (that is the only purpose to include
openssl) and I was wondering if it is legal to
distribute the file that contains the certificates
that were bundled with Netscape.
I am not a lawyer.
Not only am I also not a lawyer, I
Eric Wertz wrote:
As far as the (re)distribution question has goes, what you probably
cannot do without permission is to redistribute the actual *package* of
certificates that Netscape has put together for the purpose of embedding
in their browser. Since the overwhelming majority (if not 100%)
I think I got things mixed up. When I sent the email I
thought that the client application needs its own
certificate as well, in order to communicate with a
server using https... I guess I was wrong. I realize
now that the certificates distributed with Netscape
serve the purpose of verifying the
I want to do a commercial client application capable
to handle https (that is the only purpose to include
openssl) and I was wondering if it is legal to
distribute the file that contains the certificates
that were bundled with Netscape.
Actyally, can a company X generate their own
certificates to
I want to do a commercial client application capable
to handle https (that is the only purpose to include
openssl) and I was wondering if it is legal to
distribute the file that contains the certificates
that were bundled with Netscape.
I'm not sure I understand what you are looking
Interesting question - NO it is illegal.Biker Conrad [EMAIL PROTECTED] wrote:
I want to do a commercial client application capableto handle https (that is the only purpose to includeopenssl) and I was wondering if it is legal todistribute the file that contains the certificatesthat were bundled
I have IIS 5.1 running with the server certificate that has been certified by a
CA supported by openssl.
I have also created arbitrary client certificate that has been signed by the
same CA. The client certificate has been successfully imported in to IE and
Firefox as a personal certificate. But
Marcus Carey wrote:
When creating client certificates with following extensions:
basicContraintsCA:FALSE
nsComment OpenSSL Generated Certificate
subjectKeyIdentifier hash
authoritiyKeyIdentifier keyid,issuer:always
keyUsage
When creating client certificates with following extensions:
basicContraintsCA:FALSE
nsComment OpenSSL Generated Certificate
subjectKeyIdentifier hash
authoritiyKeyIdentifier keyid,issuer:always
keyUsage nonrepudiation,digitalsignature
ok I think I figured out one problem - the client side was using a cert
signed with a password protected key, which my script was unable to deal
with. Having fixed that, I am now getting error
140890B2 : SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
on the server side.
and
ok never mind, got it working. My server certificate had expired.
Thanks for all your help.
Stella
On Wed, Nov 12, 2003 at 01:23:15PM +, Stella Power wrote:
ok I think I figured out one problem - the client side was using a cert
signed with a password protected key, which my script was
To a p800 using different technics both using a file and downloding it from a web page.
Trying different extensions and MIME types but no luck ...
--- Ursprungligt meddelande ---
Från: Dr. Stephen Henson [EMAIL PROTECTED]
Ämne: Re: How do one add a client certificates on a p800
On Wed, May 28, 2003, Pär Ahrén wrote:
Hi,
I have searched on the net for hours but have not found the right information.
I have succeeded added a CA-certificate using a DER encoded file.
I have tried to add a client certificate using different formats but no luck!
I have even tried to
Hi,
I have searched on the net for hours but have not found the right information.
I have succeeded added a CA-certificate using a DER encoded file.
I have tried to add a client certificate using different formats but no luck!
I have even tried to make a WTLS like certificate but that doesn't
Please help,
I need to test client certificate authorization on my OBI implementation
but Im darned if I can get Internet explorer to accept my self signed
certificates,
my certificates are imported successfully but the browser presents an
empty certificate window
when I hit my webserver
There are two things you need to do: authenticate and then authorize.
C-Kermit provides hooks to organizations in the form of two functions:
X509_to_user() - who does this certificate represent
X509_userok() - may the user gain access with this certificate
C-Kermit provides two
Gastón Christen wrote:
Hi, I'm new in the apache/openssl world and I have a question (maybe it's me
but I don't understand something about client certificates authentication in
Apache)
I have Apache 2.40 with openssl 0.9.6g running in my win32 machine without a
problem.
I want to establish
Hi, I'm new in the apache/openssl world and I have a question (maybe it's me
but I don't understand something about client certificates authentication in
Apache)
I have Apache 2.40 with openssl 0.9.6g running in my win32 machine without a
problem.
I want to establish an extranet, and let users
Thanks Paul, I'm busy looking at PureTLS as a solution.
-Original Message-
From: Paul L. Allen [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 19:53
To: [EMAIL PROTECTED]
Subject: Re: apache with client certificates
Jose Correia (J) wrote:
[...]
On my Java side I'm using JSSE
: apache with client certificates
Hi there
I set the depth to 1 and I do have my cache set to:
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
Still not working...
Argghhh, this is so frustrating... any other
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: apache with client certificates
Hi all
I'm actually now getting in ssl_engine.log:
[18/Sep/2002 14:41:57 32739] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known
Jose Correia (J) wrote:
[...]
On my Java side I'm using JSSE 1.0.3 together with Innovation's
HTTPClient like:
That's probably your problem. I tried to get a Java/JSSE client
to do client-side authentication with a C/OpenSSL server recently
and couldn't get it to work. I posted a query
,
printed or electronic.
-Original Message-
From: Jose Correia (J) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 8:54 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: apache with client certificates
Actually how does Apache know about the client certificate
I am using Apache 1.3.26 with OpenSSL 0.9.6c and client authentication works for me.
I have
SSLVerifyDepth set to 1 and specified an SSLSessionCache but otherwise my setup is
roughly the
same as yours.
--- Jose Correia (J) [EMAIL PROTECTED] wrote:
Hi all
Is anyone aware of Apache version
Hi,
I have a CA, and I have a web server. The web server's cert is signed by
the CA. On this server I want to only allow those clients which have
valid cert's for accessing it (no anonymous access that is). In apache
this is done by adding a list of the user's certs. This is fairly simple.
If I
- Original Message -
From: David C. Tuttle [EMAIL PROTECTED]
To: OpenSSL [EMAIL PROTECTED]
Sent: Thursday, July 11, 2002 1:13 AM
Subject: Re: Requiring client certificates - how?
On Wed, 10 Jul 2002, Keary Suska wrote:
on 7/10/02 4:33 PM, [EMAIL PROTECTED] purportedly said:
How
do this with
openssl but I could not find enough documantation for this.
* So if anyone can help me for creating and managing client
certificates in a step by step format
I wiill be really happy.
* Any other suggestion and ideas for client authentication in our
situation will also
So I created a cert request with IIS 5.0 and signed the cert with my Red Hat
Linux box. I installed the cert and all works well. Now I want to require
client certificates on the IIS box. How do I go about creating client
certs? I would like to do the creation on the Linux box
I would like to have a user open a webpage and supply DN info. I would
then like the CGI client-side scripts to request a certificate from
OpenSSL on the server (Linux) side, return it to the client and have it
imported into the client's (MSIE/Win2K) store.
As an aside, this is exactly
Dear Openssl users,
In a windows 2000 environment I am attempting to create
1- Root CA
2- IIS https cert
3- multiple client certificates. (to install on IE browsers)
I seem to be able to do the above, although when attempting to use my client
certs I receive a 403.7 error
The root cert
Hello again:
I read the OSPKI book, which pointed me at the sign.sh
script which helped quite a bit. I'm wondering if anyone can
help me with a few specifics.
So far, how I understand a certificate request gets signed
is:
1) put the CSR into a file.
2) generate a configuration file that
Hi,
Can the web client
certificates generate for an Apache Server be used against an IIS Server if we
transfor the certificate format from Apache to IIS?
Many
Thanks.
Nuria
_
Uni2 - Lince Telecomunicaciones, S.A.U.
Aviso
Hello,
I have a question using certificates when using client authentication on
server side.
Normally the client's X509 certificate is stored on the local harddisk and
SSL_CTX_use_certificate_file is used to tell the library were it can be
found, is that right ?
Is it possible to 'forward' an
Hi,
I have a server with openssl
0.9.6.
When someone makes a connection to it, I'd like it
to requestforaclient certificate.
I am using the function SSL_get_peer_certificate( )
once the handshake is finished, after the call to SSL_accept( ). Every time I
get "client does not have a
On 12 Mar, Alan McIlwain Perez wrote:
I am using the function SSL_get_peer_certificate( ) once the handshake
is finished, after the call to SSL_accept( ). Every time I get "client
does not have a certificate".
You have to enable client verification first:
SSL_CTX_set_verify( sslctx,
?
Thanks,
Alan
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 12, 2001 2:00 PM
Subject: Re: asking for client certificates
On 12 Mar, Alan McIlwain Perez wrote:
I am using the function SSL_get_peer_certificate( ) once the handshake
is finished
I've been trying to create a client certificate for IE or Netscape that
can be used to verify a user.
For testing I created a CA certificate which I used to sign a client and
server certificate.
I created the client and server certificates using the openssl command.
I can load the CA certifcate
, March 10, 2001 2:58 AM
::To: [EMAIL PROTECTED]
::Subject: Re: Client certificates: Key store per workstation, not per
::user?
::
::
::So users sharing passwords are at least limited to within an organisation.
::Sounds perfectly reasonable.
::
::I don't know the ins and outs of your client base but I did
of PKI At
the moment I'm inclined to think that no-one shares certs and we all become
our own root CA!!!
- Original Message -
From: "Derek.Browne" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, March 11, 2001 3:48 AM
Subject: RE: Client certificates: Key store per w
.txt
Later,
derek
:
:- Original Message -
:From: "Derek.Browne" [EMAIL PROTECTED]
:To: [EMAIL PROTECTED]
:Sent: Sunday, March 11, 2001 3:48 AM
:Subject: RE: Client certificates: Key store per workstation, not per user?
:
:
: Hi,
:
: This is an interesting problemYou said someth
the security threat #1. Second, I think, that without
client-certificates man-in-the-middle attacks are possible, using tools like
dsniff.
Hence, lacking smart cards, an authentication scheme using userid/pw plus
client certificates werde devised. An administrator can only download and
install
Rainer,
You write,
"...Second, I think, that without client-certificates
man-in-the-middle attacks are possible, using tools like dsniff."
and this is not correct. As long as the client does proper checking of the
server certificate AND you use SSLv3 or h
I need to use the client certificates with IE. I will have a look into the
crypte API.
Thanks
rainer
-Original Message-
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 9. März 2001 18:34
To: [EMAIL PROTECTED]
Subject: Re: Client certificates: Key store per workstation
PROTECTED]
Sent: Saturday, March 10, 2001 4:55 AM
Subject: RE: Client certificates: Key store per workstation, not per user?
I need to use the client certificates with IE. I will have a look into the
crypte API.
Thanks
rainer
-Original Message-
From: Greg Stark [mailto:[EMAIL
Hi,
I'm wondering if anyone can shed any light on a problem I'm having with
Outlook Express? Apologies for posting a load of debug output to the
list, but I didn't really know what was safe to omit.
I'm trying to setup secure IMAP, using stunnel (stage 2 is to go for
secure SMTP as well,
/home/tim/server_cert3_pub_priv.pem -d simap -r imap2 simap
i.e. redirect to local imap port, listen on simap port (993), and insist
on client certificate authentication.
I don't think UofW imapd supports client certificates, but see below...
In Outlook 2000, and Outlook Express 5 (under Win98, with a
1 - 100 of 114 matches
Mail list logo