ssl-client-authentication

Certificate validation failed: validation of client side certificate fails when the certificate is validated

阅读更多关于 Certificate validation failed: validation of client side certificate fails when the certificate is validated

问题 I am trying to get mutual client certification to work in Azure. I am running a web app with this configuration: public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme

Certificate validation failed: validation of client side certificate fails when the certificate is validated

阅读更多关于 Certificate validation failed: validation of client side certificate fails when the certificate is validated

Server Client Auth request Subject Distinguished Name but client filter with Issuer Distinguished Name

阅读更多关于 Server Client Auth request Subject Distinguished Name but client filter with Issuer Distinguished Name

问题 Currently I have a problem with enable the mutual SSL on server and client. On the server side, I config the tomcat with enable ClientAuth and config the client's certificate to the truststore. So during ssl handshake, I can see the server's certificate request: [java] *** CertificateRequest [java] Cert Types: RSA, DSS, ECDSA [java] Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA,

How do I set up a SSLContext using certificate from Azure KeyVault in Java

阅读更多关于 How do I set up a SSLContext using certificate from Azure KeyVault in Java

问题 I am working on a Java web application deployed on an Azure App Service instance. And I need to make a call to a REST API that is secured by requiring mutual authentication over SSL. Since this is an app service, I don't have the luxury of adding the certificate and public key to the keystore and truststore respectively, and it has to all be done via code. Although with JCE and SSL, I managed to write the following console application that accesses the secure API successfully (with the help

Having problem in authenticating kubernetes python client

阅读更多关于 Having problem in authenticating kubernetes python client

问题 my lisNamespaces.py file from __future__ import print_function import time import kubernetes.client from kubernetes.client.rest import ApiException configuration = kubernetes.client.Configuration() configuration.ssl_ca_cert = 'LS0XXXXXXXXXS0tLQo=' configuration.api_key['authorization'] = 'ZXXXXXXXXXXdw==' configuration.api_key_prefix['authorization'] = 'Bearer' configuration.host = 'https://aaaaaaaaaaaaaaa.gr7.us-east-1.eks.amazonaws.com' #configuration.verify_ssl = False api_instance =

gRpc with TLS Client Authentication using SunPKCS11 in netty fails

阅读更多关于 gRpc with TLS Client Authentication using SunPKCS11 in netty fails

问题 I have some java 8 application, using gRPC for network communication. To secure that, I use TLS with client authentication. Now, I try to switch from software keys to a smart card, holding the private key and certificate (chain) for the client authentication. My code to make netty inside gRPC's use the sun pkcs#11 provider looks as follows: static NettyChannelBuilder getChannel(final String host, final int port, final File trustAnchorsFile) throws Exception{ String configName = "pkcs11.cfg";

Why isn't my server requesting a client cert in Play 2.6.x?

阅读更多关于 Why isn't my server requesting a client cert in Play 2.6.x?

问题 I'm trying to enable client authentication by following the play-tls-example. Since this is just an experiment, I'm generating self-signed certs. I have the following SSL engine provider: package https import java.nio.file.{FileSystems, Files} import java.security.KeyStore import play.core.ApplicationProvider import play.server.api._ import javax.net.ssl._ import play.api.Configuration class CustomSSLEngineProvider(appProvider: ApplicationProvider) extends SSLEngineProvider { private val

Use fabric-ca without mutual TLS in production?

阅读更多关于 Use fabric-ca without mutual TLS in production?

问题 I am wondering if it is strongly discouraged to use fabric-ca without mutual TLS in production. I am planning to operate a fabric network where a lot of peers, applications and users will be added automatically and the cryptogen tool will not be used. Instead a second fabric-ca will be used to issue TLS certificates. Those certificates will be used for client authentication with the MSP fabric-ca and the peers etc. The TLS fabric-ca does not perform client authentication because new users

Use fabric-ca without mutual TLS in production?

阅读更多关于 Use fabric-ca without mutual TLS in production?

I am wondering if it is strongly discouraged to use fabric-ca without mutual TLS in production. I am planning to operate a fabric network where a lot of peers, applications and users will be added automatically and the cryptogen tool will not be used. Instead a second fabric-ca will be used to issue TLS certificates. Those certificates will be used for client authentication with the MSP fabric-ca and the peers etc. The TLS fabric-ca does not perform client authentication because new users will have enrollmentID+secret but no client certificates. I Illustrated the registration process in this

AWS API Gateway MTLS client auth

阅读更多关于 AWS API Gateway MTLS client auth

Everytime I searched for Mutual Auth over SSL for AWS API Gateway I can only find MTLS between AWS API Gateway and Backend Services. But I'm looking to secure my AWS API Gateway endpoints itself with MTLS (client auth) . For instance, I have a backed service QueryCustomer which I have proxied through AWS API Gateway. Now I can put an SSL Cert on API Gateway but it's usual 1-way SSL. What I want to achieve is to have an MTLS with client auth where the consumer of APIs from AWS API Gateway first have to exchange their public certificates which we configure on the AWS truststores and AWS public