Zaki Akhmad wrote:
[...]
> Well, I think I am on the same condition as you. I am trying to deploy
> OpenCA on my campus. But, I haven't deployed OpenCA perfectly, it's
> still on testing phase.
[...]
> I have successfully created certificate and export it to LDAP server
> using OpenCA. But then, how I use this certificate for application
> authentication? In what application did you use certificate for
> authentication? I am planning to use this certificate to proxy-server
> authentication using squid. But I am still confused, how to do with
> this certificate.

Basically, the certificate is the public data while the private key is known only to the user. You should leverage this "private" knowledge in order to have the user authenticated.

The easiest way is to build an SSL/TLS authenticated channel. If the presented client certificate is valid and the connection is established it means that the user is in control over the secret key which belongs to the identity stated in the corresponding certificate.

So, for example, if you want to authenticate a client (e.g. a browser) it is very easy to require client authentication for https connections. This is mostly used for web-based applications that do not use passwords to authenticate users... Anyway keep in mind that SSL channel setup is independent from http, and that this is easy because you have plenty of software that already works (i.e. Apache).

Of course this is just an example of how you can design your authentication system, there are many different ways to do it of course.

I wonder if there could be enough people interested in the subject for undertaking the effort of organizing an "OpenCA Campus Workshop" or a more general "PKI Campus Workshop".

---
Max

_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
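
The https client authentication described in the reply above, sketched as an Apache mod_ssl virtual host. This is an added example, not part of the original message and not an OpenCA-supplied configuration. The host name, file paths and the organization value are placeholders, and the directives assume Apache 2.4.

```apache
# Added example: host name, paths and the O= value are placeholders.
<VirtualHost *:443>
    ServerName app.campus.example

    SSLEngine on
    # The server's own certificate and key (server side of the TLS handshake).
    SSLCertificateFile    /etc/ssl/campus/server.crt
    SSLCertificateKeyFile /etc/ssl/campus/server.key

    # CA chain that issued the user certificates (exported from the campus CA).
    SSLCACertificateFile  /etc/ssl/campus/ca-chain.pem

    # Abort the handshake unless the client presents a certificate that chains
    # to the CA above. Completing the handshake proves the client holds the
    # matching private key.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Reject revoked certificates. The CRL file must be refreshed from the CA
    # regularly, otherwise revocations never reach this server.
    SSLCARevocationFile  /etc/ssl/campus/ca-crl.pem
    SSLCARevocationCheck chain

    # Hand the verified identity to the application as REMOTE_USER, so the
    # application needs no password prompt of its own.
    SSLOptions +StdEnvVars
    SSLUserName SSL_CLIENT_S_DN_CN

    <Location "/">
        # Authorization on top of authentication: a valid certificate alone is
        # not enough, the subject must also carry the expected organization.
        Require expr "%{SSL_CLIENT_S_DN_O} == 'Example Campus'"
    </Location>
</VirtualHost>
```

Without the revocation directives a certificate revoked at the CA would still be accepted until it expires, so the CRL refresh belongs in the same deployment step as this configuration.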
