602Pro LAN SUITE 2002 User Forum
Client Authentication
  Posted by  Michael Daigle  on Wednesday, May 07, 2003 at 6:55:58 PM (EST)
I would like to require clients to authenticate using their digital ID. I don't quite understand how to set up the authorities (i.e., what to put in the CA folder). Any help would be much appreciated.
  Posted by Robert Smith  on Thursday, May 08, 2003 at 10:23:00 AM (EST)
The CA folder is for SSL certificates, not digital IDs. I'm pretty sure LAN Suite doesn't support Digital ID authentication.
  Posted by Michael Daigle  on Thursday, May 08, 2003 at 10:59:21 AM (EST)
Thanks for the reply Robert. The server certificate (keypair - PEM) resides in the LANSUIT root folder (by default). The CA folder is for CA certificates. Yes, LANSUIT does support client authentication. I had it working so that when I connected it does request a digital id, but I don't know whether I have to put my Issuer's certificate in the CA folder or whether I must otherwise certify client certificates.
  Posted by Michael Daigle  on Thursday, May 08, 2003 at 6:41:36 PM (EST)
Thanks Robert and anyone else about to reply. Problem solved. Client certificates need to have strong extranet credentials embedded for my host.

Thanks again.
  Posted by Michael Daigle  on Sunday, May 11, 2003 at 2:06:32 PM (EST)
Update: I'm new to openssl and ssleay so my ignorance is likely the culprit. I have had _some_ success in setting up client authentication.

I have a Thawte Digital ID with strong extranet. I converted that x509 to PEM, split it and generated a CSR. I then signed the request with the CA cert for my LAN. I put the keys back together then converted that PEM to x509 and imported to my browser. All is well!

Now, when I enter the URL to my WWW I am prompted for a Digital ID and the client certificate I dealt with above shows up in the list of available certificates to use. I must have done something wrong because when I click OK, I get no page. The only way I can log in is to Cancel and not use the client certificate (I'm not forcing client authentication until I get it working). The client certificate, although originally a Thawte certificate, now shows as issued by me (my self-signed CA by LAN SUITE).

If anyone knows about openssl and ssleay and can point me in the right direction to get what I want, I'd certainly appreciate it. I'm getting close, but I've only been exposed to this for almost two days...

I'm running WinMe.
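
How the pieces discussed in this thread fit together, as an added example that is not part of any post and is not Software602's code: the issuing CA's certificate is what a server-side CA trust store holds, and a client certificate is accepted only if it chains to that CA and is marked for client authentication. The CA name, subjects and file names are constructed, and the OpenSSL command line is assumed to be installed; how LAN SUITE itself reads its CA folder is not shown.

```bash
# Builds a throwaway PKI in a temp directory and prints the directory path.
make_demo_pki() {
  local d
  d=$(mktemp -d) || return 1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
  (
    cd "$d" &&
    # 1. Self-signed CA: ca.crt is the file a server's CA store would hold.
    openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo LAN CA" -keyout ca.key -out ca.crt &&
    # 2. Client key pair and certificate signing request.
    openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
      -subj "/CN=demo-client" -keyout client.key -out client.csr &&
    # 3. The CA signs the request; the result names the CA as issuer.
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 30 -extfile pki.cnf -extensions client -out client.crt &&
    # 4. An unrelated self-signed certificate, for the negative case.
    openssl req -config pki.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=stranger" -keyout other.key -out other.crt
  ) >/dev/null 2>&1 || return 1
  echo "$d"
}

# Succeeds only if certificate $2 chains to CA file $1 and is valid
# for use as a TLS client certificate.
verify_client() {
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Prints the issuer line of certificate $1.
issuer_of() {
  openssl x509 -noout -issuer -in "$1"
}
```

Run `d=$(make_demo_pki)` and then `verify_client "$d/ca.crt" "$d/client.crt"`; the same check against `other.crt` fails because that certificate was not issued by the trusted CA.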

  Posted by Alex Chan  on Sunday, January 18, 2004 at 9:46:13 PM (EST)
Hi,

I am currently using the LS2003 and I would like to try out the Self-signed Certificate SSL.

I will be using Outlook Express to retrieve my account. Please note that all my email accounts are based on the users created in LS2003. Thus LS2003 is mainly used as a mail server for testing.

I have created the Server.crt. But how can I import it into my Outlook Express? How do I ensure that the mail is sent out encrypted with a digital ID? So far, I can't really make it work. It seems to ignore the certificate which I have imported into the Trusted Root. In addition, when I set up my email account, under the security portion, when I click on the Certificate (Signing/Encryption preference), nothing is there.

Please help.

Thank you.

Regards,
Alex Chan
  Posted by Michael Daigle  on Monday, January 19, 2004 at 9:47:14 AM (EST)
I started this thread for help with client-side authentication, but it appears you're just trying to get SSL working without client auth. Before I started using a CA Cert server certificate, I was using a self-signed certificate. In both cases, importing the server's certificate (or its Issuer's in the case of CA Cert) removed the Outlook Express warning that I don't trust the server's certificate when sending or receiving mail.

There should be no additional cert for you to choose for sending from. You don't need a personal certificate to send encrypted to the server. The server.crt is to identify your server. Your OE will encrypt to the server's key. The transmission will be encrypted, although the mail itself will not (unless you encrypt the message to the recipient's personal cert).

Do not hide OE's info panel when sending/receiving mail. You should see that you are making an SSL connection to your server. If that's the case, all is working perfectly.
  © 2009 Software602, Inc. All rights reserved.