best way to do it:

on first-time client run:
- client generates a private key
- client sends its public key to your server
- server can decide whether or not to sign this key
- server stores the public key
- server sends signed key back to client
- client stores his private key along with the signed public key somewhere (of course secured with a password)

on every client run:
- client asks the user for the private key password
- client does SSL to your server
- server asks for client authentication
- client does client authentication
- server checks the public certificate and grants access

Have fun! ;-)

It took me about 3 weeks to implement it under a Windows system, but I already had a CA-like infrastructure.

--sk

PS: You can hire me! ;)

>I'm working on the development of a client/server system. We want to ensure
>that only our client application can access our server. For that we want to
>use a client certificate. We have to hide the client, server and root
>certificates securely inside the client application. Are there any
>suggestions how to do this?
>
>Ernst
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [email protected]
>Automated List Manager [EMAIL PROTECTED]
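The enrollment flow from the reply above (client key, server-side signing decision, password-protected local storage, server-side verification on each run), written out as an added example with the openssl command-line tool. This is not code from the list post or from either poster; the CA name, the client name "client-0001", the scratch directory and the password "example-password" are all constructed placeholders, and the only assumption is an openssl binary on PATH. It also shows the failure case the original question is really about: a certificate for the same client key issued by a CA the server does not trust is rejected by the server's check.

```shell
#!/bin/sh
# Added example (not from the list post): the enrollment and per-run check
# described in the reply, done with the openssl CLI. Every name, path and
# password here is a constructed placeholder. Assumes openssl is on PATH.
set -e

WORK="${WORK:-$(mktemp -d)}"                           # scratch dir for all files
CLIENT_KEY_PASS="${CLIENT_KEY_PASS:-example-password}" # what the user would type on every run

# Server side, once: the CA the reply calls a "CA-like infrastructure".
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Server CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Client side, first run: generate a private key (encrypted under the
# user's password) and a CSR, which carries only the public key.
client_enroll() {
  openssl genrsa -aes256 -passout "pass:$CLIENT_KEY_PASS" -out "$WORK/client.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/client.key" -passin "pass:$CLIENT_KEY_PASS" \
    -subj "/CN=client-0001" -out "$WORK/client.csr" 2>/dev/null
}

# Server side: decide whether to sign (the policy check is a placeholder),
# sign the CSR with the CA key, and keep a copy of what was issued.
server_sign() {
  subj=$(openssl req -in "$WORK/client.csr" -noout -subject)
  case "$subj" in
    *client-*) ;;                                    # placeholder policy: only "client-..." names
    *) echo "refusing to sign: $subj" >&2; return 1 ;;
  esac
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/client.crt" 2>/dev/null
  cp "$WORK/client.crt" "$WORK/issued-client-0001.crt"  # server's record of the public cert
}

# Client side: bundle the encrypted key and the signed cert into one
# password-protected PKCS#12 file; that bundle is what gets stored locally.
client_store() {
  openssl pkcs12 -export -inkey "$WORK/client.key" -passin "pass:$CLIENT_KEY_PASS" \
    -in "$WORK/client.crt" -out "$WORK/client.p12" -passout "pass:$CLIENT_KEY_PASS" 2>/dev/null
}

# Client side, every run: the bundle only opens with the right password
# (exit status 0 on success, non-zero on a MAC/password failure).
client_open() {
  openssl pkcs12 -in "$WORK/client.p12" -passin "pass:$1" -noout 2>/dev/null
}

# Server side, every run: what the TLS layer does when it demands client
# authentication, shown explicitly: chain the presented cert to our own CA.
server_verify() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# A cert for the same CSR issued by a CA the server does not trust:
# the "only our client may talk to our server" failure case.
make_rogue_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Rogue CA" \
    -keyout "$WORK/rogue-ca.key" -out "$WORK/rogue-ca.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/rogue-ca.crt" -CAkey "$WORK/rogue-ca.key" \
    -CAcreateserial -days 365 -out "$WORK/rogue-client.crt" 2>/dev/null
}

run_demo() {
  make_ca; client_enroll; server_sign; client_store; make_rogue_cert
}

run_demo
server_verify "$WORK/client.crt"       && echo "CA-signed client cert: accepted"
server_verify "$WORK/rogue-client.crt" || echo "rogue-signed client cert: rejected"
client_open "$CLIENT_KEY_PASS"         && echo "client bundle opens with the right password"
client_open "wrong-password"           || echo "client bundle refuses the wrong password"
```

In a real deployment the `server_verify` step is done by the TLS stack rather than by hand: the server is configured to require a client certificate and to accept only chains ending in `ca.crt` (with the openssl tools, `openssl s_server -Verify 1 -CAfile ca.crt ...` is the quick way to try that out), and the client unlocks `client.p12` with the user's password before opening the connection.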
