Yes, “possible”. That’s why I specifically said “practical”. To paraphrase John F Kennedy’s “Moon Speech”… “we choose to do these things not because they ARE easy, but because we THOUGHT they’d be easy”. :-)
If using a client cert to authenticate a user were easy, I’d investigate that further. Maybe I’ll dig into that later… Thanks for the info, always enlightening …. 🙂

On Sun, Jun 15, 2025 at 00:06 Rob van der Heij <[email protected]> wrote:

> It is obviously possible to exchange a certificate once the SSL connection
> is ready, as part of some home-grown protocol. Your client would need to hold
> that signed certificate and present it to the server. You might be able to
> reuse some logic from GETSHOPZ where we do digital signature verification.
> The client would have their signed credentials on file, but it's not
> something like a password that could be used for other authentication. The
> server side would not need to validate a password but only decode the
> certificate that you signed.
>
> Rob
>
> On Sun, Jun 15, 2025, 01:49 Donald Russell <[email protected]> wrote:
>
> > Thanks Jack,
> >
> > No, I don’t want any sort of api/gateway/proxy thing. I was just asking if
> > some sort of certificate sign-in was practical.
> >
> > On Sat, Jun 14, 2025 at 10:31 Jack Woehr <[email protected]> wrote:
> >
> > > On 6/14/25 08:02, Donald Russell wrote:
> > > > If I have a (z)cms pipe application using tcplisten, how can I make sure
> > > > the in/outgoing traffic is encrypted?
> > >
> > > Can you put the connection behind some kind of API gateway?
> > >
> > > Jack Woehr               # “A learning experience is one of those things
> > > IBM Champion 2021-2025   # that says, 'You know that thing you just did?
> > > http://www.softwoehr.com # Don't do that.'” ― Douglas Adams
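An added example (not from the thread, and not GETSHOPZ code) of the exchange Rob describes: the server owner signs a credential once, the client keeps it on file and sends it after the TLS session is up, and the server only verifies it. It assumes issuer and verifier are the same party, so HMAC-SHA256 stands in for a public-key signature; the function names, token layout, user names and key are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the server owner both issues and verifies credentials, so a keyed
# MAC replaces the public-key signature mentioned in the thread.
ISSUER_KEY = b"constructed-demo-key"  # constructed sample value


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_credential(user: str, expires: int, key: bytes = ISSUER_KEY) -> str:
    """Done once, offline: sign {user, exp}; the client stores the result."""
    body = json.dumps({"user": user, "exp": expires}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def verify_credential(token: str, now: int, key: bytes = ISSUER_KEY):
    """Server side, after the TLS handshake: return the user name or None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of fields or invalid base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # parsed only after the signature checks out
    if not isinstance(claims.get("exp"), int) or claims["exp"] < now:
        return None  # expired or malformed expiry
    return claims.get("user")
```

The token is a bearer value, so it is only sent inside the encrypted session, and the expiry bounds how long a copied token stays usable.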
