|
Wayne McAlpine wrote:
One of our guys came up with the bright idea of simply configuring one client pc and then copying the .kdb file to all of the others. Sure beats having to fire up the certificate manager on every box and can save a lot of time if you have more than just a few pc's to configure. FWIW.
That's exactly why I said it depends on your goal. We log every SSL connection and extract the username from the certificate. If desired, we could deny access based on username (for example: *DISABLED, deleted) or based on and individual certificate ID that might have been compromised. We also require a named device for every SSL session (no QPADEV* for that). I also do not email certificates or .kdb files, but the OP didn't seem to be overly concerned about that part. -- Sean Porterfield
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
