Thread: Client Side Certificates

  1. #1
    Join Date
    Jun 2008
    Location
    Dublin, Ireland
    Posts
    298

    Client Side Certificates

    Hi,

    I am not sure if this is the right place for this... but here goes anyway.

    I am developing a web site which I need to use Client Side Authentication by way of certificates to validate registered users of the site. I was just wondering if anyone is doing this, and if so how have they deployed the certificates to the clients? I was thinking of secure e-mail for the certificate, and then sending the password to the certificate via secure text message. If I implement that approach I will have to generate the certificates on the fly as it were -> PHP calls shell script containing openssl commands. I think there are probably security implications to that approach, as you are blindly signing certificates. I can't think of any other way to do it. If I was to generate the certs "offline" as it were, I think that might render the whole thing unusable, and I would have to be available 24/7 to generate the certificates.

    Any ideas greatly appreciated?

    /jlar

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Re: Client Side Certificates

    I've never done it myself but I've seen it once deployed by one ISP. IIRC you gave them your password and they generated a PKCS12 token on-the-fly for you which you were supposed to store on your machine to streamline logins to access account info. They stopped doing this after a while and went back to password authentication. Maybe users kept misplacing those tokens.

    I know one bank that uses a Security Token. This is a physical device and less likely to be lost as they charge you money for one.
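
The on-the-fly issuance discussed in this thread (a script wrapping openssl that ends in a password-protected PKCS12 file), as an added example that is not part of either post. It generates the key pair server-side and takes the subject from the site's own account record, so nothing client-supplied is signed, and it pins every issued certificate to client authentication only. The function names, the file layout and the "Demo Client CA" are hypothetical.

```shell
#!/bin/sh
# Added example; function names, paths and the demo CA are hypothetical.

# Create a throwaway CA plus the config that fixes what issued certificates may contain.
make_demo_ca() {
    ca=$1
    mkdir -p "$ca" && cat > "$ca/openssl.cnf" <<'EOF' &&
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Client CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$ca/openssl.cnf" -keyout "$ca/ca.key" -out "$ca/ca.crt" 2>/dev/null
}

# issue_client_cert CA_DIR OUT_DIR USERNAME P12_PASSWORD
# USERNAME must come from the site's own account record, never from a client-supplied CSR.
issue_client_cert() (
    ca=$1 out=$2 user=$3 pass=$4
    # The name ends up in the subject DN and in file names: allow a strict character set only.
    case $user in ''|*[!a-z0-9_-]*) echo "rejected username" >&2; exit 1 ;; esac
    [ -n "$pass" ] || { echo "empty password" >&2; exit 1; }
    umask 077
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # Key pair and request are created here, so the signer knows exactly what it signs.
    openssl req -new -newkey rsa:2048 -nodes -config "$ca/openssl.cnf" \
        -subj "/CN=$user" -keyout "$tmp/key.pem" -out "$tmp/req.pem" 2>/dev/null &&
    # Extensions come only from the [client] section: not a CA, client authentication only.
    openssl x509 -req -in "$tmp/req.pem" -sha256 -days 365 \
        -CA "$ca/ca.crt" -CAkey "$ca/ca.key" -CAcreateserial \
        -extfile "$ca/openssl.cnf" -extensions client -out "$out/$user.crt" 2>/dev/null &&
    # The password is passed on stdin so it never appears in the process argument list.
    printf '%s\n' "$pass" | openssl pkcs12 -export -passout stdin -name "$user" \
        -inkey "$tmp/key.pem" -in "$out/$user.crt" -out "$out/$user.p12"
)
```

The unencrypted private key exists only in the temporary directory, which is removed when the function exits; what remains is the certificate and the password-protected `.p12`.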
