
[slightly OT] PHP/SSL - client certs how to distribute ?

Hi - Hoped someone who's done this could provide some pointers. I'm
interested in developing a script which would make use of
openssl_x509_read to read a certificate presented in the HTTP headers
when accessing an SSL page.

But here's the question ... what are ways of distributing certificates
to the clients ?

Imagine I have 3 customers in total but when foo.php is requested I
only want 2 of them to see a full response. I could go around to their
offices and install the client certificate and everything would be
fine - but what happens when there are 200 or 2000 certificates to
install ? Bearing in mind I need to be sure that only the right people
are getting a certificate.

I'm sure it's not a new question but can anybody point me in the right
direction please ?

thanks

richard shea.
Jul 17 '05 #1
Richard Shea wrote:
Hi - Hoped someone who's done this could provide some pointers. I'm
interested in developing a script which would make use of
openssl_x509_read to read a certificate presented in the HTTP headers
when accessing an SSL page.

But here's the question ... what are ways of distributing certificates
to the clients ?

Imagine I have 3 customers in total but when foo.php is requested I
only want 2 of them to see a full response. I could go around to their
offices and install the client certificate and everything would be
fine - but what happens when there are 200 or 2000 certificates to
install ? Bearing in mind I need to be sure that only the right people
are getting a certificate.

I'm sure it's not a new question but can anybody point me in the right
direction please ?


We've been there with mixed results. Admittedly we tried PKI certs 4
years ago and no one understood them. We even had IT departments telling
us that they couldn't install them as they were a security risk!

Our final version was entirely web based using a set of CA authority
scripts. We solicited the initial certificate contents, an e-mail
address and a password using a web based form. We then validated those
here, generated the certificate and e-mailed a confirmation for the
originator to collect their certificate. You can automatically add a
certificate from a webpage.

I suggest you look at www.thawte.com and see how they do it.

We also experimented with business card CDs with generated certificates.
That seems to work well as people understand that it's a 'key' to the
website and to keep it safe, often in their wallet.
Jul 17 '05 #2
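
An added example, not code from either poster: a PHP sketch of the web-based enrollment described above (issue a certificate from validated form input and package it as a password-protected PKCS#12 download), followed by the check foo.php would make so that only two of three customers get the full response. The CA, customer names, e-mail addresses, password, serial numbers and function names are constructed; it assumes PHP 7.4+ with the openssl extension and, in deployment, Apache mod_ssl exporting the client certificate via `SSLOptions +ExportCertData`.

```php
<?php
// Added example: all names, e-mail addresses and passwords are constructed.
$cfg = ['digest_alg' => 'sha256', 'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA];

// Throwaway self-signed CA so the script runs offline; a real CA key stays offline.
$caKey  = openssl_pkey_new($cfg);
$caCsr  = openssl_csr_new(['commonName' => 'Example Client CA'], $caKey, $cfg);
$caCert = openssl_csr_sign($caCsr, null, $caKey, 3650, $cfg);

// Enrollment step: issue a one-year certificate from already-validated form input.
function issue_client_cert(string $cn, string $email, string $password,
                           $caCert, $caKey, array $cfg, int $serial): array {
    // Assumption: the stock openssl.cnf has a [usr_cert] section (CA:FALSE),
    // so the issued certificate cannot itself sign further certificates.
    $leafCfg = ['x509_extensions' => 'usr_cert'] + $cfg;
    $key  = openssl_pkey_new($cfg);
    $csr  = openssl_csr_new(['commonName' => $cn, 'emailAddress' => $email], $key, $cfg);
    $cert = openssl_csr_sign($csr, $caCert, $caKey, 365, $leafCfg, $serial);
    // The download is a PKCS#12 bundle encrypted with the password from the form.
    openssl_pkcs12_export($cert, $p12, $key, $password);
    openssl_x509_export($cert, $pem);
    return ['p12' => $p12, 'pem' => $pem,
            'fingerprint' => openssl_x509_fingerprint($cert, 'sha256')];
}

// foo.php side: holding a certificate is not enough; check issuer, dates, allowlist.
function client_is_allowed(string $pem, $caCert, array $allowed): bool {
    $cert = openssl_x509_read($pem);
    if ($cert === false) return false;
    if (openssl_x509_verify($cert, openssl_pkey_get_public($caCert)) !== 1) return false;
    $info = openssl_x509_parse($cert);
    $now  = time();
    if ($now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) return false;
    return in_array(openssl_x509_fingerprint($cert, 'sha256'), $allowed, true);
}

$customers = [];
foreach (['Customer A', 'Customer B', 'Customer C'] as $i => $cn) {
    $customers[$cn] = issue_client_cert($cn, "user$i@example.test",
                                        'constructed-password', $caCert, $caKey, $cfg, 1001 + $i);
}
// Only two of the three customers may see the full response.
$allowed = [$customers['Customer A']['fingerprint'], $customers['Customer B']['fingerprint']];
foreach ($customers as $cn => $c) {
    // Under Apache mod_ssl the PEM would come from $_SERVER['SSL_CLIENT_CERT'].
    printf("%s: %s\n", $cn, client_is_allowed($c['pem'], $caCert, $allowed) ? 'full' : 'denied');
}
```

Because the server generates the private key here, it briefly holds every customer's key; having the client generate the key and submit only a CSR avoids that. Removing a fingerprint from the allowlist revokes access without reissuing anything.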
Hi Kevin - thanks for your reply, sorry for slow response I have got a
cold and so things have slowed down.

Found your reply very interesting and useful - particularly thought the
'business card' CDs an interesting idea - only dimly aware such a
thing existed I will check them out. Also your other approaches looked
good so thanks again for all the info.

regards

richard shea.
Jul 17 '05 #3
