Re: preventing client certs to be used by multiple users??
- Original Message - From: Conrad Friedrich [EMAIL PROTECTED] To: modssl-users@modssl.org Sent: Wednesday, August 31, 2005 11:49 PM Subject: preventing client certs to be used by multiple users?? Hello, Is there a way to prevent users (that got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users access to my site? Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate? Many thanks Conrad Friedrich The other replies pretty much says it all. If you're trying to prevent people from sharing their access to your data then have them sign some papers instead. Certificates and login credentials just won't do that for you. /Daniel __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
preventing client certs to be used by multiple users??
Hello, Is there a way to prevent users (that got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users access to my site? Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate? Many thanks Conrad Friedrich __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
preventing client certs to be used by multiple users??
Hello, Is there a way to prevent users (that got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users access to my site? Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate? Many thanks Conrad Friedrich __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: preventing client certs to be used by multiple users??
On 8/31/05, Conrad Friedrich [EMAIL PROTECTED] wrote: Is there a way to prevent users (that got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users access to my site? The client certificate acts as the user's identity. If the user gives away his/her identity or the identity is stolen, then someone else can authenticate to the server using that identity, and that's just the way it is. This is no different than a username/password means of establishing user identity, really, except that the user has perhaps better ways to protect a client certificate than he does a username/password. If the user intentionally gives away the certificate, there's nothing you can do about it. Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate? I haven't seen any such tool but that doesn't mean there isn't one out there. Anybody else heard of such a thing? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]