RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
-Original Message- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 3:10 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs Oh sorry, I think I was using the wrong terminology. Let me see if I have this straight. If my cli

Re: Simple question about SSL certs

2010-07-26 Thread Bryan Boone
users@openssl.org; openssl-users@openssl.org Sent: Mon, July 26, 2010 2:31:20 PM Subject: RE: Simple question about SSL certs Again, the purpose of the client cert is to authenticate you to the remote (in this case LDAP) server. It can be used to restrict WHO can access the server REGARDLESS of

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
to the user, but this is less secure from the user's perspective. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Wim Lewis Sent: Mon 7/26/2010 1:51 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs On Jul 26, 2010, at 12:55 PM, Bryan B

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
se them unless the LDAP server is configured to require them. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 2:09 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs Hi Rene, thanks for the reply. Well

Re: Simple question about SSL certs

2010-07-26 Thread Wim Lewis
On Jul 26, 2010, at 12:55 PM, Bryan Boone wrote: > I would like to write an LDAP client that when a user connects to an LDAP > server with SSL, that the client cert is automatically downloaded to the > client. Then a prompt asks the client to accept or reject the cert. Is this > possible when

Re: Simple question about SSL certs

2010-07-26 Thread Bryan Boone
he Jxplorer. thanks From: Rene Hollan To: openssl-users@openssl.org; openssl-users@openssl.org Sent: Mon, July 26, 2010 1:43:19 PM Subject: RE: Simple question about SSL certs What you are asking for does not make sense. The point of the client cert is to establish

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
What you are asking for does not make sense. The point of the client cert is to establish the identify of the client. If the server bootstraps this, ANY client can connect and receive the identity. Now, what you MAY want to do is authenticate via a different mechanism (say account and password