PKI authentication for OpenRasta

匿名 (未验证) 提交于 2019-12-03 09:52:54

问题:

I'm looking at implementing PKI authentication ( 2 way SSL requiring x.509 certificates) for OpenRasta service.
Any ideas on how to go about this?
Thanks

回答1:

I assume that you're using the HttpListener hosting.

To enable SSL / Client certifiacates, those settings are set by httpcfg.

You can find some information at http://msdn.microsoft.com/en-us/library/ms733791.aspx. More specifically, you should be able to enable SSL with client certificates using

httpcfg set ssl -i 0.0.0.0:8012 -h 0000000000003ed9cd0c315bbb6dc1c08da5e6 -f 3 

On platforms where that tool can be used. The -u is your ip/port. You probably want -f 3 as this maps the client certificate to a windows account, but -f 2 would do the transport security without caring for setting authentication. -h is the thumprint of the certificate, which should be installed in the destination server's certificate store, you can find that with the usual windows admin tools.

There's also a tool that lets you control http.sys at http://httpsysconfig.codeplex.com/



标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!