ssl-client-authentication

Certificate validation failed: validation of client side certificate fails when the certificate is validated

℡╲_俬逩灬. posted on 2021-02-11 15:24:09
Question: I am trying to get mutual client certification to work in Azure. I am running a web app with this configuration: public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme

Server Client Auth request Subject Distinguished Name but client filter with Issuer Distinguished Name

孤者浪人 posted on 2019-12-25 09:12:36
Question: Currently I have a problem with enabling mutual SSL on the server and client. On the server side, I configured Tomcat with ClientAuth enabled and configured the client's certificate in the truststore. So during the SSL handshake, I can see the server's certificate request: [java] *** CertificateRequest [java] Cert Types: RSA, DSS, ECDSA [java] Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA,

How do I set up a SSLContext using certificate from Azure KeyVault in Java

↘锁芯ラ posted on 2019-12-13 16:15:39
Question: I am working on a Java web application deployed on an Azure App Service instance. And I need to make a call to a REST API that is secured by requiring mutual authentication over SSL. Since this is an app service, I don't have the luxury of adding the certificate and public key to the keystore and truststore respectively, and it has to all be done via code. Although with JCE and SSL, I managed to write the following console application that accesses the secure API successfully (with the help

Having problem in authenticating kubernetes python client

匆匆过客 posted on 2019-12-13 03:44:09
Question: my lisNamespaces.py file from __future__ import print_function import time import kubernetes.client from kubernetes.client.rest import ApiException configuration = kubernetes.client.Configuration() configuration.ssl_ca_cert = 'LS0XXXXXXXXXS0tLQo=' configuration.api_key['authorization'] = 'ZXXXXXXXXXXdw==' configuration.api_key_prefix['authorization'] = 'Bearer' configuration.host = 'https://aaaaaaaaaaaaaaa.gr7.us-east-1.eks.amazonaws.com' #configuration.verify_ssl = False api_instance =

gRpc with TLS Client Authentication using SunPKCS11 in netty fails

∥☆過路亽.° posted on 2019-12-11 06:27:19
Question: I have a Java 8 application, using gRPC for network communication. To secure that, I use TLS with client authentication. Now, I try to switch from software keys to a smart card, holding the private key and certificate (chain) for the client authentication. My code to make netty inside gRPC use the sun pkcs#11 provider looks as follows: static NettyChannelBuilder getChannel(final String host, final int port, final File trustAnchorsFile) throws Exception{ String configName = "pkcs11.cfg";

Why isn't my server requesting a client cert in Play 2.6.x?

独自空忆成欢 posted on 2019-12-08 12:00:03
Question: I'm trying to enable client authentication by following the play-tls-example. Since this is just an experiment, I'm generating self-signed certs. I have the following SSL engine provider: package https import java.nio.file.{FileSystems, Files} import java.security.KeyStore import play.core.ApplicationProvider import play.server.api._ import javax.net.ssl._ import play.api.Configuration class CustomSSLEngineProvider(appProvider: ApplicationProvider) extends SSLEngineProvider { private val

Use fabric-ca without mutual TLS in production?

妖精的绣舞 posted on 2019-12-06 09:32:16
Question: I am wondering if it is strongly discouraged to use fabric-ca without mutual TLS in production. I am planning to operate a fabric network where a lot of peers, applications and users will be added automatically and the cryptogen tool will not be used. Instead a second fabric-ca will be used to issue TLS certificates. Those certificates will be used for client authentication with the MSP fabric-ca and the peers etc. The TLS fabric-ca does not perform client authentication because new users

Use fabric-ca without mutual TLS in production?

落花浮王杯 posted on 2019-12-04 17:36:04
I am wondering if it is strongly discouraged to use fabric-ca without mutual TLS in production. I am planning to operate a fabric network where a lot of peers, applications and users will be added automatically and the cryptogen tool will not be used. Instead a second fabric-ca will be used to issue TLS certificates. Those certificates will be used for client authentication with the MSP fabric-ca and the peers etc. The TLS fabric-ca does not perform client authentication because new users will have enrollmentID+secret but no client certificates. I illustrated the registration process in this

AWS API Gateway MTLS client auth

故事扮演 posted on 2019-12-01 05:39:11
Every time I searched for Mutual Auth over SSL for AWS API Gateway I can only find MTLS between AWS API Gateway and Backend Services. But I'm looking to secure my AWS API Gateway endpoints itself with MTLS (client auth). For instance, I have a backend service QueryCustomer which I have proxied through AWS API Gateway. Now I can put an SSL Cert on API Gateway but it's the usual 1-way SSL. What I want to achieve is to have an MTLS with client auth where the consumer of APIs from AWS API Gateway first have to exchange their public certificates which we configure on the AWS truststores and AWS public