Collaborate Disseminate
For sending soap messages to a webservice we need to include a client authentication certificate with these messages. Normally we simply created a self signed client auth. certificate (with as a common name the name of that particular clie… Continue reading How do I create a Client Authentication Certificate without a domain signed by a commercial CA?
I want to know client information when accessing my website as an identifier so I can filter who are deserve to access my website.
So far I only know this useful information from client those are User-Agent and Client Public IP Address.
Wh… Continue reading What are the most common client info when accessing website?
I am trying to understand how client certificate authentication works in an SSL handshake.
Can someone help to clarify the following bullet points below:
Do we need to have a Client Leaf certificate in Server truststore? Is it referred to… Continue reading Client Authentication in SSL Handshake
Have you been slowly falling down a rabbit hole of Stallman-like paranoia of computers ever since installing Ubuntu for the first time in 2007? Do you now abhor anything with …read more Continue reading Remote Screen Viewer is Text-Only
If I own a software and I want to conduct a pen test with pen testers, should I define the scope or do the pen testers assess the software first and they define the scope? How does scope definition happen?
Furthermore, does the term "… Continue reading Defining scope of a software pen test
Taking the concept from the Gemini protocol that allows clients to identify themselves using their own self-signed certificate – is this a valid concept that could be used in other protocols and what is the downside?
From a client’s point … Continue reading Client Identification using Self Signed Certificates
I’m writing a python application that will do some operations that will require root privileges. Instead of asking for user password every time i decided to use server client model.
A python script will be executed as root user using pkexe… Continue reading Is a client server model to do root operations without asking for password everytime secure?
I’m building an app that uses Braintree for processing payments. According to the documentation, I need a server-side endpoint that returns the clientToken, which is then used to manage a user’s vault and process payments, so I’m trying to… Continue reading Is braintree clientToken supposed to be public?
If a wildcard certificate is provisioned for *.domain.fqdn, and has Client Authentication as a defined usage, does this mean the certificate can be used to essentially impersonate any domain machine?
My understanding is that it is up to th… Continue reading Wildcard Certificates and Client Authentication for Machine Authentication
When a HTTPS connection with a client certificate request is done, the client sends a CertificateVerify message with his public certificate so the server can verify that the client has a valid private certificate that matches the public ke… Continue reading How is CertificateVerify SSL is created? It can be cached?