× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2004

Re: Another angle... Client Authentication with SSL?

Brad,

A "normal" (if you found this in IBM documentation, then I am appalled!)
SSL connection is an encrypted session that is created by the client
challenging the server/responder to prove that the server/responder is who
it says it is and who the client expects it to be. The server does this by
presenting it's digital certificate to the client. This is what happens
when you use and "https" protocol rather than "http."  Notice that setting
up an SSL session only requires that the server authenticate to the client.

"SSL with Client authentication" is when the server, after authenticating
to the client, turns around and challenges the client to prove that the
client is who it/he/she claims to be. The client also presents a digital
certificate to the server for authentication. Client authentication happens
after the SSL connection is set up and is not technically part of the SSL
handshake. That is why it is called SSL with client authentication.

Many people don't realize that an SSL connection does not authenticate the
client -- just the server that the client wants to talk to.

Patrick Botz
Senior Technical Staff Member
eServer Security Architect
(507) 253-0917, T/L 553-0917
email: botz@xxxxxxxxxx



                                                                                
                                    
                      "Brad Stone"                                              
                                    
                      <brad@xxxxxxxxxxxx>         To:       Midrange Systems 
Technical Discussion                   
                      Sent by:                     <midrange-l@xxxxxxxxxxxx>    
                                    
                      midrange-l-bounces@m        cc:                           
                                    
                      idrange.com                 Subject:  Another angle... 
Client Authentication with SSL?        
                                                                                
                                    
                                                                                
                                    
                      01/12/2004 01:22 PM                                       
                                    
                      Please respond to                                         
                                    
                      Midrange Systems                                          
                                    
                      Technical Discussion                                      
                                    
                                                                                
                                    
                                                                                
                                    




In working with my problem I'm having a hard time finding
information that deals with the client end of doing SSL
communications using Client Authentication.

Would anyone care to explain the difference between Client
Authentication and "normal" SSL from the client end?

I've received a set of public keys from the TP, installed
them, and now when we do "normal" SSL everything works
great.  When we use what they call "SSL with client
authentication" it errors out with the "Bad Peer" error on
the client end.

I'm using the SSL APIs which have worked great until this
point.  I just can't find what is different with Client
Authentication SSL and what I may need to do differently
with my application.  Seems like it should work just fine.

TIA!
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.