Collaborate Disseminate
For an IoT project, I want to secure client server communication. I want both the server (Apache) and the clients identify/authenticate each other (a client won’t communicate with other clients) before clients can post some d… Continue reading Client certificate common name? Subject alternative name?
I am implementing a PKI for a test environment and have everything just about configured. The architecture consists of a Root CA, two issuing (intermediate CAs), and clients. Client certificates and server certificates are im… Continue reading Root CA or Intermediate CA in firewall trust store
Over the years of being a professional social engineer (SE), I have been asked questions like, “Are you really testing your clients if you don’t use EVERY method possible?” Or, “You are acting like the bad guys, why do you need … Continue reading It Is Important To Have Ethics In Social Engineering
The TLS specs define how the handshake between client and server must be performed when the client wants to use a certificate to authenticate itself. There is a lot of documentation onlin that assumes that the username is put… Continue reading Where can I find the specs for the X.509 certificate used in client-authenticated TLS handshake?
If i want to use client certificates for authentication to a certain part of my website, is it possible to make the client certificate only work on a certain domain name?
I know when requesting the client certificate you can… Continue reading limit client certificate to domain name
If i want to use client certificates for authentication to a certain part of my website, is it possible to make the client certificate only work on a certain domain name?
I know when requesting the client certificate you can… Continue reading limit client certificate to domain name
My question is based on an assumption:
Creating a certificate with a non-exportable private key in the windows store is more secure than creating a private key and certificate and then importing both into a browser certifica… Continue reading Certificate based authentication using the windows computer certificate store
I’m trying to setup a client authentication (for mutual authentication) between 2 tomcats but at this point, I’m stuck with the thought that my client doesn’t send its certificate. I have a private CA so no self-signed certif… Continue reading No client cert sent with 2way SSL – Tomcat configuration
I’m creating a Qt-server which uses SSL via TCP. Clients can authorize themselves on the server using login and password and become users. Only users can perform any actions with their accounts. Unauthorized clients can only … Continue reading How to improve the authorization and client-server interaction scheme?
I want to secure an API used by a react native app. If an authorisation header is sent, the user can read the request and access data. To avoid this I want to use SSL client certificates.
Now if I place the certificate in t… Continue reading Can users read client SSL certificates from a react native mobile apps APK?