> I've been building a small https client & everything has gone quite well.
> Now I've been told that I need to include support for client authentication
> using a standard x.509 certificate & I am stumped.
How do you manage client trust to your server? How do you know
that you are really communicating in a confidential way with the
intended server?
Is there a configuration file with 'trusted CAs or server certs', etc.?
>
> Is the certificate just going to be a file? Do I just have to set a path to
> it, or is there some sort of installation that I need to do?
It depends what kind of https client software you are building.
>
> As you can tell, I'm at a real basic level with this one. I've looked at the
> command line tool documentation, but I don't know what I'm looking for.
You can for example (mis)use a PKCS12 file containing a user key-pair/cert and
even some trust base.
For example, if you want to make a simple client/server protocol based on
https between some client software and one service, where each user has
access to his/her server, you could use a file (or a hardware token) with
three things:
- a key pair for the user,
- a corresponding cert,
- a cert of the server containing a service URL somewhere.
This file completely describes the information concerning a user.
(The client software may need one configuration parameter about
https proxies; this might be handled independently from the
user parms and considered as a parameter of the workstation and
not of the USER.)
Peter Sylvester
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
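
The three-item file described in the reply above, as an added example using the `openssl` command-line tool (not code from the original thread or from the OpenSSL project). All keys, certificates, names, the URL and the passphrase are constructed, and putting the service URL in a subjectAltName URI entry is an assumption about where "somewhere" is.

```sh
#!/bin/sh
# Added example: all keys, certificates, names and the passphrase are constructed.
set -e
PASS='pass:demo-only'

# make_cert <basename> <subject> <subjectAltName>: throwaway self-signed cert.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -addext "subjectAltName=$3" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# make_bundle <user-basename> <server.crt> <out.p12>: the three items in one file.
make_bundle() {
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" -name user \
        -certfile "$2" -passout "$PASS" -out "$3"
}

# unpack_bundle <in.p12> <outdir>: split into the PEM files a TLS client loads.
# Runs in a subshell with a tight umask so the private key is never world-readable.
unpack_bundle() (
    umask 077
    openssl pkcs12 -in "$1" -passin "$PASS" -nocerts -nodes -out "$2/client.key" 2>/dev/null
    openssl pkcs12 -in "$1" -passin "$PASS" -clcerts -nokeys -out "$2/client.crt" 2>/dev/null
    openssl pkcs12 -in "$1" -passin "$PASS" -cacerts -nokeys -out "$2/trust.pem" 2>/dev/null
)

# key_matches_cert <key> <cert>: succeed only if both hold the same public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
      "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# service_url <cert>: print the URI stored in the certificate's subjectAltName.
service_url() {
    openssl x509 -in "$1" -noout -ext subjectAltName | sed -n 's/.*URI:\([^,]*\).*/\1/p'
}

# demo: build the bundle, unpack it, verify it, print the service URL.
demo() {
    d=$(mktemp -d)
    make_cert "$d/user" "/CN=Example User" "email:user@example.test"
    make_cert "$d/server" "/CN=service.example.test" "URI:https://service.example.test/api"
    make_bundle "$d/user" "$d/server.crt" "$d/user.p12"
    unpack_bundle "$d/user.p12" "$d"
    key_matches_cert "$d/client.key" "$d/client.crt" || { rm -rf "$d"; return 1; }
    service_url "$d/trust.pem"
    rm -rf "$d"
}
demo
```

The unpacked files map onto `openssl s_client -cert client.crt -key client.key -CAfile trust.pem` when testing against a server that requests a client certificate.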