IIS Server Security - SSL & Ignore client certificates

Slava

2004-07-09, 12:01 pm

Hello,
can anybody explain to me how data transfer is encrypted in SSL
if 'Ignore client certificates' is set on IIS?

In the other modes, I understand that the Client encrypts with the public key of the Server cert,
and the Server decrypts it with its private key (Client->Server),
and in the direction Server->Client, the Server encrypts data with the Client's public key,
and the Client decrypts with its private key - OK, clear.
Am I right?

But in the mode 'Ignore client certificates'???
The Client can encrypt with the Server's public key - OK,
but what about the Server's encryption? What does the Server encrypt with, and what does the Client
decrypt with?

Can you explain it to me? [Maybe in this case SSL is only encrypted one way?]

thank you,
slava

K.Jansta


Miha Pihler

2004-07-09, 12:01 pm

Hi,

Ignore client certificates means IIS will not use the client's certificate for
authentication, but data transferred between the server and the client will
still be encrypted. This configuration is used:
a) when using anonymous access to a protected web server (e.g. shopping, ...)
b) when you use e.g. basic authentication or any other authentication

If you have a site that must really be protected, then you can issue your
clients certificates (e.g. on a smart card) and require them to use these
certificates for authentication. In this case you will remove the setting
"Ignore client certificates" and you will set "Require client certificates".

How keys are exchanged when initiating SSL certificates is explained in this
Microsoft article:

Description of the Secure Sockets Layer (SSL) Handshake
http://support.microsoft.com/defaul...kb;EN-US;257591

and some other useful information:

SSL/TLS in Windows Server 2003
http://www.microsoft.com/technet/pr...ty/sslws03.mspx

Hope this helps you out,

Mike

"Slava" <DoNotSpamMe_KJ@lcs.cz> wrote in message
news:%23lCubeOZEHA.2516@TK2MSFTNGP10.phx.gbl...
> Hello,
> can anybody explain me, how data transfering is encrypted in SSL
> if on IIS is setted : 'Ignore client certificates' ?
>
> In other modes, I understand, that Client encrypt by public key of Server
> cert,
> and Server decrypt it by it's private key Client->Server,
> and in the way Server->Client, Server encrypt data by Client public key,
> and Client decrypt by it's private key - OK, clear.
> Am I right ?
>
> But in the mode : 'Ignore client certificates' ???
> Client can encrypt by Server public key - OK,
> but what about Server encrypting ? by which the Server encrypts ? and
> Client
> decrypt ?
>
> can you explain me it ??? [maybe this case SSL is only one way crypted ? ]
>
> thank you,
> slava
>
> K.Jansta
>
>
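The point of the reply above (traffic is still encrypted in both directions when client certificates are ignored) can be seen in how SSL/TLS derives its record keys. The following is an added example, not part of the original thread: it assumes RSA key exchange and uses the TLS 1.2 PRF from RFC 5246 (SSL 3.0 and TLS 1.0 use an older hash construction but the same structure). The random values and pre-master secret are constructed sample data.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def derive_keys(pre_master, client_random, server_random, mac_len=32, key_len=16):
    """Turn the shared pre-master secret into per-direction record keys."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

def simulate_handshake():
    # Constructed sample values; a real client and server draw these at random.
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    pre_master = b"\x03\x03" + bytes(range(100, 146))  # 2-byte version + 46 bytes
    # With RSA key exchange the client sends pre_master encrypted under the
    # server certificate's public key: the only asymmetric step, and the only
    # key pair involved is the server's. After that both sides run the same
    # derivation on the same inputs.
    client_side = derive_keys(pre_master, client_random, server_random)
    server_side = derive_keys(pre_master, client_random, server_random)
    return client_side, server_side

if __name__ == "__main__":
    client_side, server_side = simulate_handshake()
    for name, value in server_side.items():
        print(f"{name:22} {value.hex()}  same on client: {client_side[name] == value}")
```

Server-to-client records are protected with `server_write_key`, a symmetric key both ends hold, so no client key pair is needed for encryption; a client certificate is used only to authenticate the client.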



Slava

2004-07-09, 12:01 pm

"Miha Pihler" <mihap-news@atlantis.si> wrote

> How keys are exchanged when initiating SSL certificates is explained in this
> Microsoft's article:
> Description of the Secure Sockets Layer (SSL) Handshake
> SSL/TLS in Windows Server 2003
> Hope this helps you out,


Yes, thank you, very useful information,
and all is clear.


thank you,
slava

K.Jansta


Miha Pihler

2004-07-09, 12:01 pm

You are welcome :-)

Mike

"Slava" <DoNotSpamMe_KJ@lcs.cz> wrote in message
news:e57p$3XZEHA.3016@tk2msftngp13.phx.gbl...
> "Miha Pihler" <mihap-news@atlantis.si> wrote
>
> this
>
> yes, thank you, very useful information,
> and all is clear,
>
>
> thank you,
> slava
>
> K.Jansta
>
>


