|
I am running the client application making the request to the server. The server is using client authentication. The people running the server sent us their public (personal) key. We created a private client key. I've set up my client application to trust all these keys. There is no way that I can find to import the private client key so that I can assign it to my client application. It won't let me import it into the server/client store because it says there's no request associated with the key when I try to import it. I can import it into the CA store. But I can tell my app to "trust" the both certs when they are in the CA store. We're missing something in this equation because our handshake is failing. What piece, not sure. That's the problem. Brad On Tue, 13 Jan 2004 14:29:41 -0600 Patrick Botz <botz@xxxxxxxxxx> wrote: > > Brad, > > You need to associated the CA certificate that signed the > client > certificate with the application that is going to accept > those certifictes. > This is done through DCM. You don't need the whole > certificate stored on > the OS/400 side. This depends on the application that is > going to accept > the certificate though. If you are doing client > authentication with a web > server application, then you can match certain pieces of > the certificate. > The system validates the cert and ensures it is siged by > a CA trusted by > the applicaiton. The application, in this case the HTTP > server, can then > choose to trust certificates that match info that is part > of the DN in the > cert and/or just the issuer of the cert (i.e. the CA that > signed it). > > Alternatively you can choose to trust specific > certificates, etc. > > Some of the certificate matching function is dependent of > the application > you're using. If you're writing your own app, the APIs > exist that allow you > to do any kind of matching. > > Hope this helps > > Patrick Botz > Senior Technical Staff Member > eServer Security Architect > (507) 253-0917, T/L 553-0917 > email: botz@xxxxxxxxxx > > > > > <snip> > I think the biggest problem understand this is when and > where do we install certificates, and who creates them. > It > sounds like, in your description, either the client > creates > a cert to validate itself to the server on the fly, or > prior to communications the server must install a cert > provided by the client for authentication, as well as the > client machine installing a cert from the server. > > See, even that sounds confusing. :) See where I'm going > with this? In this case, myself, the client, has > installed > a cert provided by the server side. That's it. Should > there be more setup? > </snip> > _______________________________________________ > This is the Midrange Systems Technical Discussion > (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: > http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the > archives > at http://archive.midrange.com/midrange-l. > > > > > > _______________________________________________ > This is the Midrange Systems Technical Discussion > (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: > http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the > archives > at http://archive.midrange.com/midrange-l. > Bradley V. Stone BVS.Tools www.bvstools.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.