[ale] Is anyone actually using: Client side certificates for Auth ?
Sean C. McCord
scmlist at cycoresys.com
Tue Mar 3 17:06:37 EST 2009
On Tue, Mar 03, 2009 at 05:00:24PM -0500, Jim Kinney wrote:
>Sounds fun. The only time I've had to use client-side certs, I had to
>generate them all on the server, signed by server and distribute them
>to clients. I had some script tools to simplify the process but it's
>still a chore.
The easy-rsa suite of scripts (found bundled with OpenVPN) makes
managing keys a breeze. It wouldn't be much work to put a web
frontend on them, I would imagine.
>A browser plugin to generate a CSR would be a terrific thing iff it
>can generate the request, verify the signature of the server the
>request is sent to and then put the signed cert in the appropriate
>storage container.
As to adding the certs to Firefox, it's really just a matter of
loading them in. As long as they are a recognized format, Firefox
will load them right in (with approriate dialog boxes).
To see a working site which uses them, take a look at cacert.org.
--
Sean C. McCord
scmlist at cycoresys.com
More information about the Ale
mailing list