Pretty much correct. When one uses client certs, one has mutual authentication.
The thing is, because a client cert can authenticate the client, applications
(like LDAP servers) which require authentication ("binding" in the LDAP sense),
MAY (LDAP does) support using this information (typically
Oh sorry, I think I was using the wrong terminology.
Let me see if I have this straight.
If my client requires a client cert, this is mutual SSL. Here the client proves
to the server that it is allowed to communicate with the server via its client
cert.
In order to get encrypted network tra
O.K. I've done some more research and reread the original question. OP
describes two LDAP clients, one of which accepts auth credentials "up front",
asks if SSL should be used, and offers the LDAP server's cert for verification
(likely before sending auth credentials). The second "just works" wi
On Mon, Jul 26, 2010, no_spam...@yahoo.com wrote:
>
> I've browsed through about a year's worth of the openssl-users and openssl-dev
> mail list archives in search of some information. I think I found most of what
> I'm looking for, but I want to summarize my questions and my understandi
Again, the purpose of the client cert is to authenticate you to the remote (in
this case LDAP) server. It can be used to restrict WHO can access the server
REGARDLESS of what credentials (account and password) they might have. It can
also be used as a substitute to provide those credentials (at
Hello.
I've browsed through about a year's worth of the openssl-users and openssl-dev
mail list archives in search of some information. I think I found most of what
I'm looking for, but I want to summarize my questions and my understanding of
the current situation for your review:
1) I've see
On Jul 26, 2010, at 12:55 PM, Bryan Boone wrote:
> I would like to write an LDAP client that when a user connects to an LDAP
> server with SSL, that the client cert is automatically downloaded to the
> client. Then a prompt asks the client to accept or reject the cert. Is this
> possible when
Hi Rene, thanks for the reply.
Well I am not sure really how this works. Here is why I am confused.
I have two windows LDAP browser clients that I did not write. One is called
Jxplorer and the other is called LDAPEditor. I also have a regular openldap
server running on a suse box that is usi
What you are asking for does not make sense. The point of the client cert is to
establish the identity of the client. If the server bootstraps this, ANY client
can connect and receive the identity.
Now, what you MAY want to do is authenticate via a different mechanism (say
account and password
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I
don't have the time to look up the answer myself.
I am trying to write an LDAP client. I need this client to use SSL as well. I
am using the openldap server and C libraries. Here is what the openldap web
page say
On Mon, Jul 26, 2010, Markus Hofer wrote:
> Hi guys
>
> Sorry for the double posts earlier on. I am still trying to build openssl as
> small as possible. Therefore I want to build openssl without RSA,DSA and DH
> support.( I am working on that for some days now). U
> However I have some tro
Hi All
Requirement:- I want to build a man in the middle proxy application.
I have experimented so many methods to achieve this. But my application is
failing when I tried some https url's from the browser
(IE 8 and Firefox 3.7).
I have configured my browser proxy settings to '4
Hi guys
Sorry for the double posts earlier on. I am still trying to build openssl as
small as possible. Therefore I want to build openssl without RSA,DSA and DH
support.( I am working on that for some days now). U
However I have some troubles. I didn't find any related posts to that problem.
Hi
I think I have found the problem. Looking into speed.c under /apps I found the
two possible errors:
1.) If compiled without DSA & RSA at the same time then the variable rsa_result
is not defined: from line 510 in speed.c
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
long rsa_coun
I've solved this problem.
I created file ip.ext with:
subjectAltName=IP:10.5.19.191
To sign certificate I used:
openssl ca -notext -extfile ip.ext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
Everything works well!
Thanks
Jakob Bohm-7 wrote:
>
> Depending on the CA you use, you may be able t
Hi,
This is Rajesh Kumar from CISCO. We are using the Openssl libraries in our
project in the Win 32 environment.
We were using 0.9.8l version of the library earlier. We are now trying to
migrate to 1.0.0a version.
While building the 1.0.0a version we found that few crypto-engines are not
b
16 matches