mutual-authentication

Best practice to store client certificates?

我是研究僧i submitted on 2021-02-19 03:21:45
Question: I am building an app that requires mutual authentication. So I will enable my users to upload a bunch of client certs and when they make calls, they can use either of them. I will match the client cert from the incoming request to see if it matches any of the ones already stored, and if it does, the request will be honored. Now I'm trying to figure what's the best way to store these client certs. I was thinking I could store them in a DB, or some kind of file/blob store, or I've learned they

Google cloud platform Cloud Endpoint SSL/TLS mutual handshake ESP

孤街浪徒 submitted on 2021-02-11 13:41:42
Question: I am working on deploying an API solution on GCP where mutual SSL/TLS is required (server and client side certificates). So for the ingress of the traffic (entry point) I found that kubernetes ingress controller has this possibility (NGINX based). I am interested in cloud endpoints which has ESP (extensible service proxy which is also nginx deployment under kubernetes). I couldn't find anywhere in the documentation whether mutual SSL/TLS is available for ESP (cloud endpoint), does anyone know

Mutual Authentication in Scala with Akka

只谈情不闲聊 submitted on 2021-02-10 15:14:12
Question: I would create a TLS Session in Scala using Akka with mutual authentication between a client and a server. I have created two CA certificates that have to trust the respective certificates incoming from the other part. Could you give me an example of how to implement this? Thank you. Answer 1: I created a GitHub project which demonstrates mutual authentication with different kind of clients, including Akka. Please have a look here: https://github.com/Hakky54/mutual-tls-ssl It contains a full example

IOS Mutual Authentication

こ雲淡風輕ζ submitted on 2019-12-31 10:42:42
Question: I'm trying to implement mutual authentication in IOS 5 but I'm having troubles: {NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1200 \"An SSL error has occurred and a secure connection to the server cannot be made.\" UserInfo=0x18d830 {NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., _kCFNetworkCFStreamSSLErrorOriginalValue=-9800, _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedRecoverySuggestion=Would you like

Server Client Auth request Subject Distinguished Name but client filter with Issuer Distinguished Name

孤者浪人 submitted on 2019-12-25 09:12:36
Question: Currently I have a problem with enabling mutual SSL on server and client. On the server side, I configure Tomcat to enable ClientAuth and configure the client's certificate in the truststore. So during the SSL handshake, I can see the server's certificate request: [java] *** CertificateRequest [java] Cert Types: RSA, DSS, ECDSA [java] Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA,

Enforce Two-Way SSL in Java CXF clients

佐手、 submitted on 2019-12-25 03:37:19
Question: Two-Way SSL - or mutual authentication - is typically dictated in HTTPS by the server. For example, this tutorial explains how to set up WildFly application server to require webservice clients to present a certificate during communication. However, in our case we need to enforce Two-Way SSL on the client side. That means our client is configured with a client certificate so that it can supply the certificate during handshake. If a server we are connecting to does not ask for the certificate,

X509Certificate2 from store with private key

扶醉桌前 submitted on 2019-12-24 14:51:19
Question: I have an X509Certificate2 with private key NOT exportable from the Windows store with this code: X509Certificate2 oCertificato = null; X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser); my.Open(OpenFlags.ReadOnly); System.Security.Cryptography.RSACryptoServiceProvider csp = null; foreach (X509Certificate2 cert in my.Certificates) { if (cert.SerialNumber.Trim() == cSerial) { csp = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PrivateKey; oCertificato = cert;

Mutual-Authentication SSL with self-signed client certificate

寵の児 submitted on 2019-12-24 00:34:52
Question: In our firm I currently have a script that connects to an outside vendor on HTTPS, via SSL. The script only performs server authentication. This is it: use HTML::Parser; use HTTP::Request::Common; use LWP::UserAgent; use XML::Simple; local $ENV{HTTPS_CERT_FILE} = '../cert/abc.vendor.crt'; local $ENV{HTTPS_PROXY} = 'https://proxy.com:8080'; local $ENV{HTTPS_DEBUG} = 0; my $vendor_server = 'https:abc.vendor.site.com'; my $xml = "XML code here"; my $request = (POST $vendor_server, Content_Type =>