On 11/22/06, Chris Covington <[EMAIL PROTECTED]> wrote:
> On 11/22/06, David Schwartz <[EMAIL PROTECTED]> wrote:
> > > OK, perhaps I need to explain this more. I have a client cert
> > > scenario where in order to verify the client's identity a certificate
> > > is used instead of a username / password. I would not like for anyone
> > > to be able to just grab the client certificate and impersonate, so I
> > > would like to add a password to the cert. I would think this would be
> > > similar to where for instance Verisign sends you a certificate for
> > > your webserver, and it has a password on it. Am I mistaken?
> > >
> > > Chris
> >
> > No, you are completely confused and really need to read some basic
> > information about public-key encryption before you go any further. The whole
> > point of the authentication scheme is that the certificate is public. If it
> > wasn't, how could the server send it to you to prove its identity?
> >
> > If you want to see, for example, Amazon.com's certificate, type this:
> > openssl s_client -host www.amazon.com -port 443
> > And in a few seconds, Amazon's certificate will appear for you to see.
>
> I am most likely using the wrong terms (but I may be completely
> confused, I admit). When one distributes client certificates to take
> the place of usernames/passwords for authentication, how is that
> commonly referred to? Let's say I wanted to create an application
> where one logs in with only his certificate, not his username and
> password, and there is no rsa private key corresponding to that client
Whoops, I mean that the RSA private key is not password-protected.
... so how can I password protect the private key/certificate file then?
Chris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
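One way to do what the last question asks, as an added example that is not part of the thread: the certificate stays public, the private key is encrypted under a passphrase (PKCS#8), and both are bundled into a passphrase-protected PKCS#12 file for distribution to the client. All file names, the subject and the passphrase are constructed for the demo; it only needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: passphrase-protect a client certificate's private key.
# Demo values below are constructed, not taken from the thread.
set -e

WORK=$(mktemp -d)
PASS="demo-passphrase-change-me"   # constructed demo passphrase

# 1. Generate an RSA key and a self-signed client certificate (a self-signed
#    cert stands in for one issued by a real CA). The key starts out unencrypted.
make_client_material() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/client.key" 2>/dev/null
    openssl req -new -x509 -key "$WORK/client.key" -days 365 \
        -subj "/CN=demo-client" -out "$WORK/client.crt" 2>/dev/null
}

# 2. Encrypt the private key: PKCS#8 with PBKDF2 and AES-256-CBC.
encrypt_key() {
    openssl pkcs8 -topk8 -v2 aes-256-cbc -in "$WORK/client.key" \
        -passout "pass:$PASS" -out "$WORK/client.enc.key"
}

# 3. Bundle cert + key into a PKCS#12 (.p12) file, the form browsers and most
#    client software import; its password protects the embedded private key.
make_pkcs12() {
    openssl pkcs12 -export -inkey "$WORK/client.key" -in "$WORK/client.crt" \
        -name demo-client -passout "pass:$PASS" -out "$WORK/client.p12"
}

# Checks: the encrypted key and the .p12 open only with the right passphrase,
# while the certificate itself is readable by anyone (it is public by design).
key_opens_with() {
    openssl pkey -in "$WORK/client.enc.key" -passin "pass:$1" -noout 2>/dev/null
}
p12_opens_with() {
    openssl pkcs12 -in "$WORK/client.p12" -passin "pass:$1" -nokeys -noout 2>/dev/null
}
cert_is_public() {
    openssl x509 -in "$WORK/client.crt" -noout -subject
}

make_client_material
encrypt_key
make_pkcs12
rm "$WORK/client.key"   # never ship the plaintext key; keep only the encrypted forms
```

Whoever receives `client.p12` still needs the passphrase out-of-band; without it the bundle's key material cannot be used, which is the property the thread is after.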