Some queries on Client Certificates

[Guest]

I would appreciate if some one answers these queries.
Thanks in advance.

If My web server is SSL enabled, then why should I havea client certificate authentication? what extra security it provides? Can I use client certificate without having SSL connection?

How do I get the Client Certificate? Is it necessary to be issued from the same webservice server i want to use? Or I can get it from any CA e.g verisign?
Is it possible to get free client certificate (not from Microsoft Certificate services)?


Thanks

dinoo

 

[Paul Glavich [MVP - ASP.NET]]

If My web server is SSL enabled, then why should I havea client
certificate authentication?
The Server certificate provides authenticity of the server, and can also
provide a method of encrypting traffic via SSL. A client side certificate
provides authenticity of the client. eg. If you only issue client side
certificates to certain clients, then you can be sure of who your client is.
With just a server certificate, anybody can access your site, even though
its encrypted traffic, it just means that the traffic is not in plain text.
I think so but I haven't tried it. The client cert can be valid cert from
any certificate authority that you configure the site to accept. eg.
verisign or your own CA.

How do I get the Client Certificate?

It needs to be specially issued from either a wel known CA like verisign or
if you have your own CA setup (Self signed certificates), you can issue your
own client cert, but i needs to be specially requested when issuing the
certificate.
Certificate services)?
Not that I am aware of. Some authorities will issue client certs for short
periods I think. The only real way to get a free one is have your own
certificate authority setup and isue them yourself.


--
- Paul Glavich
Microsoft MVP - ASP.NET

I would appreciate if some one answers these queries.
Thanks in advance.

If My web server is SSL enabled, then why should I havea client

certificate authentication? what extra security it provides? Can I use
client certificate without having SSL connection?

How do I get the Client Certificate? Is it necessary to be issued from the

same webservice server i want to use? Or I can get it from any CA e.g
verisign?

 

[Guest]

Now I need your further help. I hope i am not troubling a lot.

I setup a SSL on my webserver using versign trial certificate.
My webservices using their proxies (from windows application) works fine with implementing ICertificatePolicy class. But If I configured my site to "Accept client certificate" and try to send the same certificate using proxy.ClientCertificates.Add method. My webservice never receives the certificate (using the Context.Request.ClientCertificate). I even do no receive any error?

What could be the cause? I don't know how to get the client certificate from verisign? Can you guide me?

Thanks

Dinesh

 

[Paul Glavich [MVP - ASP.NET]]

Replied to your personal address, since you sent it to mine.

--
- Paul Glavich
Microsoft MVP - ASP.NET

Now I need your further help. I hope i am not troubling a lot.

I setup a SSL on my webserver using versign trial certificate.
My webservices using their proxies (from windows application) works fine

with implementing ICertificatePolicy class. But If I configured my site to
"Accept client certificate" and try to send the same certificate using
proxy.ClientCertificates.Add method. My webservice never receives the
certificate (using the Context.Request.ClientCertificate). I even do no
receive any error?

What could be the cause? I don't know how to get the client certificate

from verisign? Can you guide me?