• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Digital Certificates and authentication"

Collapse

  • Tensai
    replied
    Originally posted by Jaws View Post
    ...our servers retrieved a file from the CA from the relevant servers at some interval (it may have been daily) and this was applied directly to the web server of the site - so the CA server did not have much of a bearing on overall authentication performance.
    Interesting. Kind of undermines the idea that a cert can be revoked instantaneously.

    Thanks for the info.

    Leave a comment:


  • Jaws
    replied
    Originally posted by Tensai View Post
    Thanks Jaws. Is there a vast difference in the coding for different browsers/OS combinations? Also, any ideas of the responsiveness of the CA servers? Just curious how this scales up.
    I think the main issue is how the server is set up rather than the client, if the server is set up to require a certificate than as long as the client browser supports certificates at all it should be fine. I'm not aware of which browsers have this support and which don't although given that pretty much all of them support SSL the compatibility must be high.

    In terms of responsiveness of the CA servers, at least where I was before (although I may be wrong, and apologies if I am as this was not something I was directly involved with) our servers retrieved a file from the CA from the relevant servers at some interval (it may have been daily) and this was applied directly to the web server of the site - so the CA server did not have much of a bearing on overall authentication performance.

    Leave a comment:


  • Tensai
    replied
    Originally posted by Jaws View Post
    In short I'd yes it is not too much effort (in MS environment) if you know what you're doing.

    I think the difficulty depends entirely on your authentication method. I have dealt with Digitial Certificates used for authentication in the past (for web), and from what I remember the public key is passed in the http header which can then be extracted by the target server.
    Thanks Jaws. Is there a vast difference in the coding for different browsers/OS combinations? Also, any ideas of the responsiveness of the CA servers? Just curious how this scales up.

    Leave a comment:


  • Jaws
    replied
    In short I'd yes it is not too much effort (in MS environment) if you know what you're doing.

    I think the difficulty depends entirely on your authentication method. I have dealt with Digitial Certificates used for authentication in the past (for web), and from what I remember the public key is passed in the http header which can then be extracted by the target server.

    One area I worked on was server to server authentication via a web service. It was just a matter of pointing a web request to the relevent .cer file and performing the request as per normal (ie it was technically very easy to accomplish, the difficulty I suppose was in the initial creation of the certificates used by my stub service for testing). It has been a while since I did it but I remember that my stub service with prompting for a digital certificate. I think that part is set up entirely in IIS.

    I am referring entirely to C#/.NET which natively supports the creation of a http request with X509 certificates attached.

    Leave a comment:


  • Tensai
    started a topic Digital Certificates and authentication

    Digital Certificates and authentication

    [warning : Ridiculously broad question follows.]

    Does anyone out there have experience of implementing the use of public digital certificates (i.e. issued by Verisign for example) in application authentication (web and thick client)? I'm interested in knowing whether it's a b*tch to do or whether there are lots of simple API's to plug into.

    I'm not a programmer (thank God ) so not interested in the technicalities at this stage, just the effort involved.

    TIA

Working...
X