Hi,
For the last few days I have also been working on an SSL implementation.
I am using JBoss 5.1.0 GA.
I have implemented the server certificate, but I don't know how to implement
client/server mutual authentication.

Do you work on that part? Can you help me?

Another issue I have is that I can access my application from the server, but if I
access the same application from a client machine I get the following
exception:

{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:  }

Thanks in advance.

Please reply.


On Tue, Nov 10, 2009 at 3:59 AM, Jorge Medina <jmed...@e-dialog.com> wrote:

>
> OpenSSL hashes the subject name.
>   " This is used in OpenSSL to form an index to allow certificates in a
> directory to be looked up by subject name. "
> but that seems weak.
>
>
> http://www.openssl.org/docs/apps/x509.html#http://www.openssl.org/docs/apps/verify.html#
>
>
>
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Monday, November 09, 2009 2:06 PM
> To: Tomcat Users List
> Subject: Identifying Clients via SSL Certificates
>
> All,
>
> I've been playing around with client SSL certificates, not for
> authentication per se, but as a gateway to a relaxed authentication
> mechanism for one of our webapps.
>
> I have a client SSL cert working (see my previous thread "mod_jk & Client
> SSL Certificates") and successfully verifying the signature of the client
> cert by the server.
>
> I'd like to be able to uniquely identify the client certificate being used
> to authenticate via SSL, but I'm a newbie at this sort of thing and I'd
> appreciate some suggestions as to how to do that. A few ideas I've had are:
>
> 1. Use a directory-style 'CN' attribute like "UID=myuniqueid"
>
> 2. Use the fingerprint of the client certificate
>
> 3. Use the full text of the client certificate
>
> All 3 of the above can be used to then link to appropriate records in the
> database for limited authentication.
>
> Does anyone have any suggestions or preferred techniques?
>
> Thanks,
> - -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
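
Added example, not part of the thread: options 2 and 3 from the quoted message compared in Python. The fingerprint is SHA-256 over the certificate's DER bytes, so it survives PEM re-wrapping where a full-text match does not; the sample bytes, the account name and all helper names are constructed for illustration.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def fingerprint(der: bytes) -> str:
    """Option 2: SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalise(fp: str) -> str:
    """Accept 'AA:BB:...' (the style openssl prints) or plain hex."""
    return fp.replace(":", "").strip().lower()

def lookup(der: bytes, enrolled: dict):
    """Map a presented certificate to an enrolled record, or None."""
    index = {normalise(k): v for k, v in enrolled.items()}
    return index.get(fingerprint(der))

def wrap_pem(der: bytes, width: int) -> str:
    """Re-encode DER as PEM with a chosen line width."""
    body = base64.b64encode(der).decode("ascii")
    rows = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join([BEGIN, *rows, END]) + "\n"

# Constructed sample: placeholder bytes standing in for a real
# certificate's DER encoding (the hash does not depend on the content).
SAMPLE_DER = bytes(range(256)) * 3
PEM_64 = wrap_pem(SAMPLE_DER, 64)   # line width most tools emit
PEM_76 = wrap_pem(SAMPLE_DER, 76)   # same certificate, re-wrapped

def demo() -> dict:
    colon_fp = ":".join(
        fingerprint(SAMPLE_DER)[i:i + 2] for i in range(0, 64, 2)
    ).upper()
    enrolled = {colon_fp: "account-42"}  # hypothetical database row
    return {
        "full_text_match": PEM_64 == PEM_76,  # option 3 breaks
        "fingerprint_match": lookup(pem_to_der(PEM_76), enrolled),
        "unknown_cert": lookup(b"some other certificate", enrolled),
    }

if __name__ == "__main__":
    print(demo())
```

A fingerprint pins one exact certificate, so a renewed certificate for the same client needs a new enrolment; a subject attribute such as option 1 survives renewal but is only as trustworthy as the CA that signs it.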
