 |
|
 |
|
|
 |
s it possible to force IIS to accept any certificate? |
 |
 |
|
|
08-15-07 06:22 PM
Hello,
I am trying to configure IIS to accept any certificate, from anyone, is that
possible?
TIA!
Stanko.
[ Post a follow-up to this message ]
|
|
|
 |
|
|
|
|
Re: s it possible to force IIS to accept any certificate? |
|
|
|
|
08-16-07 12:20 AM
why would you want to do this?
"Stanko Milosev" <testerayu@yahoo.com> wrote in message
news:OvRH0003HHA.3684@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> I am trying to configure IIS to accept any certificate, from anyone, is
> that possible?
>
> TIA!
> Stanko.
>
[ Post a follow-up to this message ]
|
|
|
|
|
 |
|
 |
|
|
|
Re: s it possible to force IIS to accept any certificate? |
|
|
|
|
08-16-07 12:19 PM
We want to make web site with PHP, that if a user have a certificate, then,
for example, to give this user welcome screen, but if he don't have a
certificate then to give him login screen.
I have found that with _SERVER["CERT_SERIALNUMBER"] variable I can get
client certificate serial number, but only if IIS server accepted user
certificate...
"Consultant" <consultant_mcngp@yahoo.com> wrote in message
news:unhfGL33HHA.5360@TK2MSFTNGP03.phx.gbl...
> why would you want to do this?
>
> "Stanko Milosev" <testerayu@yahoo.com> wrote in message
> news:OvRH0003HHA.3684@TK2MSFTNGP02.phx.gbl...
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: s it possible to force IIS to accept any certificate? |
|
|
|
|
08-16-07 12:19 PM
Your authentication protocol is not possible to implement in the
smooth fashion that you imagine, especially if you plan to use generic
browsers like IE/Firefox/Opera or generic servers like Apache/IIS/
Java.
With SSL, IIS supports ignoring, accepting, or requiring client
certificate. With the latter two options, IIS certainly supports
accepting any certificate from anyone. The question is whether you can
*compel* the user to send the certificate when it is optional.
If you don't force the user to send the certificate, then you'll never
get the logic of "certificate first, then fallback to login screen".
If you DO force the user to send the certificate, no web server will
allow a "fallback to login screen". Why? Because that is a custom
authentication scheme unsupported by standards. SSL Client Certificate
protocol never says it works like what you dream.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Aug 16, 12:02 am, "Stanko Milosev" <tester...@yahoo.com> wrote:
> We want to make web site with PHP, that if a user have a certificate, then
,
> for example, to give this user welcome screen, but if he don't have a
> certificate then to give him login screen.
>
> I have found that with _SERVER["CERT_SERIALNUMBER"] variable I can get
> client certificate serial number, but only if IIS server accepted user
> certificate...
>
> "Consultant" <consultant_mc...@yahoo.com> wrote in message
>
> news:unhfGL33HHA.5360@TK2MSFTNGP03.phx.gbl...
>
>
>
>
>
>
>
> - Show quoted text -
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: s it possible to force IIS to accept any certificate? |
|
|
|
|
08-16-07 12:19 PM
Thank you David, for your help.
I am just searching for a way to solve my task.
Is there way, any how, that we can accept client certificates? We are trying
to find a way to allow our users to log on to our site with their
certificate, but we don't want them to force to get new certificate, since
we already started pki system for signing and encrypting xml documents, and
our users already have some certificates, now we don't want them to force to
get another one.
Stanko.
"David Wang" <w3.4you@gmail.com> wrote in message
news:1187252080.373084.162030@q4g2000prc.googlegroups.com...
> Your authentication protocol is not possible to implement in the
> smooth fashion that you imagine, especially if you plan to use generic
> browsers like IE/Firefox/Opera or generic servers like Apache/IIS/
> Java.
>
> With SSL, IIS supports ignoring, accepting, or requiring client
> certificate. With the latter two options, IIS certainly supports
> accepting any certificate from anyone. The question is whether you can
> *compel* the user to send the certificate when it is optional.
>
> If you don't force the user to send the certificate, then you'll never
> get the logic of "certificate first, then fallback to login screen".
> If you DO force the user to send the certificate, no web server will
> allow a "fallback to login screen". Why? Because that is a custom
> authentication scheme unsupported by standards. SSL Client Certificate
> protocol never says it works like what you dream.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
>
> On Aug 16, 12:02 am, "Stanko Milosev" <tester...@yahoo.com> wrote:
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: s it possible to force IIS to accept any certificate? |
|
|
|
|
08-16-07 12:19 PM
I am sorry,
I don't understad this:
> With SSL, IIS supports ignoring, accepting, or requiring client
> certificate. With the latter two options, IIS certainly supports
> accepting any certificate from anyone.
As much as I know, I must follow certificate chain? This mean, that IIS will
not accept certificate which is not followed by certificate from server?
Obviously, I have little knowledge about IIS SSL, can you please recommend
me a book about it?
Thank you again,
Stanko
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 02:19 AM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
