mutual-authentication

Is it possible to use SIM card to mutual authentication on access to a secure web server with Android?

妖精的绣舞 提交于 2019-12-24 00:04:23
问题 My intention is to use Android (browser) to mutual authenticate on a web server. For that would be nice if the Public Cert from the SIM card could be use and the signing operation from the SIM card with PIN. Android is not the priority, Symbian or other hypothesis are to be considered, since they allow the usage i'm asking for. 来源: https://stackoverflow.com/questions/9026828/is-it-possible-to-use-sim-card-to-mutual-authentication-on-access-to-a-secure-we

How to implement mutual authentication for client in Openssl?

删除回忆录丶 提交于 2019-12-23 01:14:07
问题 What function calls do I need to do for mutual authentication ? I have searched a lot, but didn't find anything useful. Can anybody help me doing this ? 回答1: The function calls you are looking for are the SSL_set_verify() family. On the server side, specifying SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT requires a valid client certificate. On the client side, just SSL_VERIFY_PEER is needed. Both sides must also ensure that anonymous ciphers are not allowed in their specified cipher list

Spring Boot in Azure - Client Certificate in Request Header

江枫思渺然 提交于 2019-12-21 21:12:44
问题 We currently implemented mutual authentication in our Spring Boot application and need to deploy it in Azure. Azure's loadbalancer redirects the client certificate (Base64 encoded) in the request header field "X-ARR-ClientCert" and Spring is not able to find it there. => Authentication fails The microsoft documentation shows how to handle this in a .NET application: https://docs.microsoft.com/en-gb/azure/app-service-web/app-service-web-configure-tls-mutual-auth I tried to extract the

Getting Mutual SSL Authentication information with Heroku

不想你离开。 提交于 2019-12-12 08:30:02
问题 I'm looking to build a mutual ssl authentication with Heroku, where a third party calls a Heroku endpoint and the response from Heroku is dependant on which third party calls Heroku. I need to use mutual ssl as the third parties are very security conscious. I have a third party calling Heroku (via the SSL add-on) with a certificate and am able to get a response. So the mutual SSL handshake appears to have worked. However my application is unable to determine which third party has called

How do I monitor client certs that are being sent via the requests?

好久不见. 提交于 2019-12-12 02:06:15
问题 All the certs are generated using another self signed CA cert right now. I am doing a POC for a project. It's imperative for me to figure out a way to get information about the client certs that are received through the client requests. How do I do this? EDIT: More specifically, I want to check if two client certs coming from two different incoming web requests are similar or not 回答1: How do I monitor client certs that are being sent via the requests? Client certificates are used to establish

Test WCF with Mutual Certificate Authentication using SOAPUI

做~自己de王妃 提交于 2019-12-11 18:19:00
问题 I´m trying to test a WCF service with mutual certificates authentication using a client on C# and it works; now I want to test the service using SOAP UI. This is the service configuration: <system.serviceModel> <services> <service behaviorConfiguration="ServiceBehavior" name="WS_XXXXX.WcfXXXX"> <endpoint address="" binding="customBinding" bindingConfiguration="XXXSoap" bindingNamespace="" contract="IXXXSoap" > </endpoint> <host> <baseAddresses> <add baseAddress="http://localhost:47037/"/> <

Is there a way that I can do Mutual SSL without direct acces to the Websphere keystore in Java?

流过昼夜 提交于 2019-12-11 09:05:43
问题 I'm trying to establish Mutual SSL between 2 Websphere 8.5.5 servers. I'll just call them ServerA and ServerB. ServerA: Client side, added ServerB's SSL certificate into DefaultTrustKeyStore. ServerB: Server side, added ServerA's SSL certificate into DefaultTrustKeyStore. I also installed a WAR which provide a servlet that could receive HTTP POST message, log it, and response "OK" to client. Client Auth mode set to "Required". Now I got a problem: traditional way of Mutual SSL client side

Mutual authentication always succeeds with OpenSSL

懵懂的女人 提交于 2019-12-11 06:29:54
问题 I am using openssl and zmq to write a server and a client. My client and server need mutual authentication. but after I set SSL_CTX_set_verify(ssl_ctx,SSL_VERIFY_FAIL_IF_NO_PEER_CERT,NULL) on server, the handshake always successes whether the client send the certificate or not. In addition, SSL_get_peer_certificate(tls->get_ssl_()) return null and SSL_get_verify_result(tls->get_ssl_()) return 0 which means X509_V_OK . I am really confused and desperate now. Any suggestions or corrections?

Signing certificate request with certificate authority

隐身守侯 提交于 2019-12-10 03:41:49
问题 I want to use TLS mutual authentication to authenticate a client on a API made in go. I've created a certificate authority, and let's say Bob has a key pair he wants to use with the client. Bob created a certificate request and want me to validate his certificate in order to be authorized and authenticated on the API. I've used this to create my Certificate Authority : openssl genrsa -aes256 -out ca.key 4096 openssl req -new -x509 -sha256 -days 730 -key ca.key -out ca.crt Bob used this to

SSL mutual authentication FAIL on Android Client accepts servers certificate but server does not get the client cert

你。 提交于 2019-12-09 18:05:28
问题 I am trying to set up a mutually authenticated SSL between a Linux Server and Android APP. So far, I have been able to get the app to work with the server certificate communicate via SSL but once I set the server to only accept client certificates it stops working. The server configuration seems ok, but I am a kind of stuck. My best guess is that the client certificate is not correctly being presented to the server but got no idea how to test it next. I tried using the .pem for the client in