Sonu Kishore wrote:
> how do I ensure that the certificate user "A" presents, with his user id and
> password was issued to him and not to any other user....
>
> it is possible that user "A" logs on to my web site with his user id/password
> but uses user "B" certificate... in such a case non-repudiation becomes
> illogical.

The presentation of a certificate means the following (see http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html):

1. the client sends its certificate
2. the client sends a signed challenge

The server accepts a certificate only if the client signs with the appropriate key a challenge which the server sends to the client. It is not possible that user B presents the certificate of user A without having the private key.

> The first time user goes to my openca and requests for a certificate..
> certificate is issued to the user.
>
> The issued certificates are directly stored into my ldap..using ra interface.
>
> the ldap now has user id, password and the certificate
>
> my web site uses this ldap to authenticate the user and give access to the
> site.

Sounds very good.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email: [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax: +49 (0)30-2093 2959
10099 Berlin
Germany                        http://www.openca.org

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
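
An added example, not part of the original message: the handshake described above proves the client holds the private key of the certificate it presents, and the site can additionally check that this certificate is the one stored in the LDAP entry of the user id that logged in. The sketch assumes Apache mod_ssl hands the client certificate to the application as PEM (`SSL_CLIENT_CERT`, exported with `SSLOptions +ExportCertData`); the directory is simulated by a dict, and the user ids, certificate bytes and function names are constructed for illustration.

```python
import binascii
import hashlib
import hmac
import ssl
from typing import Dict, List, Optional

# Constructed stand-ins for the DER certificates stored per user in LDAP.
CERT_A = b"constructed DER stand-in: certificate issued to userA"
CERT_B = b"constructed DER stand-in: certificate issued to userB"
DIRECTORY: Dict[str, List[bytes]] = {
    "userA": [CERT_A],
    "userB": [CERT_B],
    "userC": [],          # account exists but no certificate issued yet
}

def pem_to_der(pem: Optional[str]) -> Optional[bytes]:
    """Decode the PEM text from the web server; None if missing or malformed."""
    if not pem:
        return None
    try:
        return ssl.PEM_cert_to_DER_cert(pem.strip())
    except (ValueError, binascii.Error):
        return None

def presented_cert_belongs_to(uid: str, presented_pem: Optional[str],
                              directory: Dict[str, List[bytes]]) -> bool:
    """True only if the certificate from the TLS handshake is stored for uid."""
    der = pem_to_der(presented_pem)
    if der is None:
        return False
    presented = hashlib.sha256(der).digest()
    match = False
    # Unknown uid or empty entry yields no candidates, so the check fails closed.
    for stored in directory.get(uid, []):
        match |= hmac.compare_digest(presented, hashlib.sha256(stored).digest())
    return match

def demo() -> Dict[str, bool]:
    pem_a = ssl.DER_cert_to_PEM_cert(CERT_A)
    pem_b = ssl.DER_cert_to_PEM_cert(CERT_B)
    return {
        "A logs in with A's cert": presented_cert_belongs_to("userA", pem_a, DIRECTORY),
        "A logs in with B's cert": presented_cert_belongs_to("userA", pem_b, DIRECTORY),
        "C has no cert on file": presented_cert_belongs_to("userC", pem_a, DIRECTORY),
        "no client cert sent": presented_cert_belongs_to("userA", None, DIRECTORY),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```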
