Thank you very much :) Now I got the whole picture. Best regards
-----Original Message----- From: Arno Garrels Sent: Wednesday, June 15, 2011 2:43 PM To: ICS support mailing Subject: Re: [twsocket] SSL server and CLient cert.
Arno Garrels wrote:
If clients may connect from dynamic IP addresses a certificate can neither be issued to an IP nor to a DNS name, hence rather useless. In such case a good password is as secure as a client certificate that i.e. has some ID in it's common name field.
Not quite correct since a client certificate might be safer since the server will check client certificate's issuer.
However a client certificate including its key can be stolen or given to some non-authorized third party.
And if both clients and server are under your control it is not required to buy a certificate, just create your own CA and certificates (server and client if you like).
And if you prefer GUI over command line tools have a look at XCA (sourceforge.net) to manage you own CA. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
