1

SSL Certificates, two-way authentication and loadbalancers

view story
linux-howto

http://serverfault.com – We're looking to implement two-way authentication with client certificates for a privileged subset of our application users. The idea will be that if a certificate is detected the user will be asked for an additional password/PIN and that will be used to verify the certificate and user. Ordinary users will continue to authenticate themselves via the standard login mechanism. Our production environment (hosted by a well-known company) comprises load-balanced application servers and I'm unclear as to how this set-up will handle the certificates and I'm not certain if there are any pitfalls I sh (HowTos)

taskli's picture
Submitted by taskli on 06/25/2012

Stories similar to SSL Certificates, two-way authentication and loadbalancers

Setup IIS to require client certificate and to use anonymous authentication

I have a WCF web service for our customers to use. I want to protect this using client certificates.

I have a website on Windows Server 2003 which is set to accepts client certificates When connecting to my website on the QA environment I am prompted with my client certificate but this does not happen on the Production environment.

I have added the root chain (a total of 2 certificates) of the my client certificate to the Trusted Root Certificate Authority on both the QA and the Production envir

I'm working on a web application with simple API needing authentication. For my application nature, users have two RSA keys, for signing and encrypting messages. My protocol works based on it. The web application has access to public keys.

One solution to achieve authentication and kill MITM is to build SSL over the application API and build an authentication method using user's keys.

Renew SSL client certificate 20 weeks 3 days ago

For a internally used webbased software, which must be available from everywhere, I have created client certificates which are installed in the browsers of authorized consumers.

Now, with 2012 being over, all of them are expired and need a renewal. I've given out PKCS #12 certificates (.p12)

Here my questions

Is it possible to extend the client certificate lifetime? Do I have to reinstall the

I have a scenario where I need to run an application through hardware HTTPS load balancing that does round-robin. Clients will authenticate through pre-issued certificates from a standalone root CA that are one-to-one mapped via IIS. The clients are not AD authenticated only certificate.

My questions are:

Assumption is the same base-64 cert can be used on both IIS7.5 servers?

How To Set Up OpenVPN To Authenticate With LinOTP This howto will show you the way to set up OpenVPN to authenticate users against the LinOTP authentication backend. Thus you can bring up your VPN using two factor authentication with different kind of OTP tokens.

My company wants to expose BizTalk services to external trading partners using ISA/TMG and SSL client certificates to authenticate. We were told by a Microsoft engineer that this is not possible if the certificates do not authenticate against our AD. Is this true? We are considering using Symantec Managed PKI. https://www.symantec.com/verisign/managed-pki-service

I have a tablet running Android 4.2 with multiple users configured. I want to install certificates which can be accessed by the secondary user (basically I want to configure an Email account in the secondary user which requires certificates). I installed certificates in the primary user.

Exchange certificate questions 42 weeks 15 hours ago

I got the following message The STARTTLS certificate will expire soon. Now I tried to create new certificates, but currently the old ones are still used.

Questions:

Can I backup the old certificate somehow (in case I remove one but missed a thing)? Does a service can be assigned to only one certificate?