[Owasp-ireland] client-side ssl certs?
peter.m.mcevoy at gmail.com
Thu Aug 11 12:37:41 EDT 2011
How about not making the credential checking your problem and instead use a
On 11 August 2011 17:04, John Marmelstein <john.marmelstein at gmail.com> wrote:
> Hi Folks,
> How is everyone? It’s been a bit quiet!
> Anyway, might anyone have thoughts or experience on client-side ssl certs?
> I am making a web app. I need some form of user authentication. I’m
> thinking I need to go a bit better than just having username/password
> for access control. What options are out there? It's for a
> public-sector thing. My hesitation with username/password access
> control is that the credentials might just get passed around.
> I guess that client-side certs are the answer. But, there will be
> about 2000 users. These are low-tech users, distributed around
> Ireland. On their personal (i.e. not standardized) browsers/operating
> systems. So I can’t call around to them all doing the certificate
> installs. I’m not optimistic about asking this user population to do
> it themselves.
> Any opinions?
> Maybe it boils down to saying that I either have to
> use username/password
> or, accept the large effort of generating, installing and managing the
> Is there a good way to generate, install and manage certs?
> John Marmelstein
> 087 136 0045