[slightly OT] PHP/SSL - client certs how to distribute ?

Hi - Hoped someone who's done this could provide some pointers. I'm
interested in developing a script which would make use of
openssl_x509_read to read a certificate presented in the HTTP headers
when accessing an SSL page.

But here's the question ... what are ways of distributing certificates
to the clients ?

Imagine I have 3 customers in total but when foo.php is requested I
only want 2 of them to see a full response. I could go around to their
offices and install the client certificate and everything would be
fine - but what happens when there are 200 or 2000 certificates to
install ? Bearing in mind I need to be sure that only the right people
are getting a certificate.

I'm sure it's not a new question but can anybody point me in the right
direction please ?

thanks

richard shea.
Jul 17 '05 #1
Richard Shea wrote:
Hi - Hoped someone who's done this could provide some pointers. I'm
interested in developing a script which would make use of
openssl_x509_read to read a certificate presented in the HTTP headers
when accessing an SSL page.

But here's the question ... what are ways of distributing certificates
to the clients ?

Imagine I have 3 customers in total but when foo.php is requested I
only want 2 of them to see a full response. I could go around to their
offices and install the client certificate and everything would be
fine - but what happens when there are 200 or 2000 certificates to
install ? Bearing in mind I need to be sure that only the right people
are getting a certificate.

I'm sure it's not a new question but can anybody point me in the right
direction please ?


We've been there with mixed results. Admittedly we tried PKI certs 4
years ago and no one understood them. We even had IT departments telling
us that they couldn't install them as they were a security risk!

Our final version was entirely web based using a set of CA authority
scripts. We solicited the initial certificate contents, an e-mail
address and a password using a web based form. We then validated those
here, generated the certificate and e-mailed a confirmation for the
originator to collect their certificate. You can automatically add a
certificate from a webpage.

I suggest you look at www.thawte.com and see how they do it.

We also experimented with business card CDs with generated certificates.
That seems to work well as people understand that it's a 'key' to the
website and to keep it safe, often in their wallet.
Jul 17 '05 #2
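
An added example, not code from either poster, covering the question and the reply together: a constructed test CA issues one certificate per customer (the issuance step of the web-based scheme described above), and a foo.php-style check gives the full response only to fingerprints recorded at issuance. It assumes Apache mod_ssl exports `SSL_CLIENT_VERIFY` and `SSL_CLIENT_CERT` into `$_SERVER`; the CA, the customer names and the helpers `issue` and `mayViewFull` are hypothetical.

```php
<?php
// Added example. CA name, customer names and serials are constructed.
// Requires the openssl extension and a readable openssl.cnf.

// Issue a certificate for $cn; with no CA given the result is self-signed.
function issue(string $cn, ?string $caPem, $caKey, int $serial): array
{
    $key = openssl_pkey_new(['private_key_bits' => 2048,
                             'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, $caPem, $caKey ?? $key, 365,
                            ['digest_alg' => 'sha256'], $serial);
    openssl_x509_export($crt, $pem);
    return [$pem, $key];
}

// The check foo.php would make. $server stands in for $_SERVER as filled by
// Apache mod_ssl with "SSLVerifyClient require" and "SSLOptions +ExportCertData".
function mayViewFull(array $server, array $allowedFingerprints): bool
{
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return false;                       // no certificate, or chain not verified
    }
    $cert = openssl_x509_read($server['SSL_CLIENT_CERT'] ?? '');
    if ($cert === false) {
        return false;                       // not a parseable certificate
    }
    // Authorize on the fingerprint recorded at issuance, not on the CN string.
    return in_array(openssl_x509_fingerprint($cert, 'sha256'), $allowedFingerprints, true);
}

[$caPem, $caKey] = issue('Example Test CA', null, null, 1);
$presented = [];
foreach (['customer-a', 'customer-b', 'customer-c'] as $i => $cn) {
    [$presented[$cn]] = issue($cn, $caPem, $caKey, 100 + $i);
}
// Same CN as customer-a, but self-signed rather than issued by the CA above.
[$presented['impostor']] = issue('customer-a', null, null, 999);

// Only customers a and b are entitled to the full response.
$allowed = [
    openssl_x509_fingerprint($presented['customer-a'], 'sha256'),
    openssl_x509_fingerprint($presented['customer-b'], 'sha256'),
];

foreach ($presented as $who => $pem) {
    // Simulated server variables; a real server would not report SUCCESS for the impostor.
    $server = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_CERT' => $pem];
    printf("%-10s %s\n", $who, mayViewFull($server, $allowed) ? 'full' : 'restricted');
}
```

Because access is keyed to the stored fingerprint, removing an entry from the allowlist withdraws one customer's access without reissuing anyone else's certificate.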
Hi Kevin - thanks for your reply, sorry for slow response I have got a
cold and so things have slowed down.

Found your reply very interesting and useful - particularly thought the
'business card' CDs an interesting idea - only dimly aware such a
thing existed I will check them out. Also your other approaches looked
good so thanks again for all the info.

regards

richard shea.
Jul 17 '05 #3
