SSL client auth: access the entire certificate chain

  • Thread starter Innokentiy Ivanov
  • Start date

I

Innokentiy Ivanov

Hello,

Can anybody help me in solving the following problem. My web application
needs to access all the certificates (the entire certificate chain) provided
by the client side. As far as I can see, HttpRequest.ClientCertificate gives
access only to the end-entity certificate. Is there a possibility to access
other (CA and intermediate CA) certificates provided by the client side?

Thank you in advance,

With best regards,
Innokentiy Ivanov
EldoS Corporation
 
Ad

Advertisements

I

Innokentiy Ivanov

Hello!
You wrote on Wed, 8 Feb 2006 09:19:39 +0000 (UTC):

DB> 1.1 or 2.0 ?

Actually, it would be excellent to find a solution for both versions.

With best regards,
Innokentiy Ivanov
 
D

Dominick Baier [DevelopMentor]

Hi,

in 2.0 you can convert the HttpClientCertificate to a X509Certificate2 -
which can be fed into a X509Chain object - this might give you what you want.

in 1.1 there is only interop with CAPICOM - and i am not sure if this will
help you (never tried it)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello!
You wrote on Wed, 8 Feb 2006 09:19:39 +0000 (UTC):
DB>> 1.1 or 2.0 ?
DB>>
 
I

Innokentiy Ivanov

Hello!
You wrote on Wed, 8 Feb 2006 09:35:01 +0000 (UTC):

DBD> in 2.0 you can convert the HttpClientCertificate to a X509Certificate2
DBD> - which can be fed into a X509Chain object - this might give you what
DBD> you want.
DBD> in 1.1 there is only interop with CAPICOM - and i am not sure if this
DBD> will help you (never tried it)

Thank you very much for your prompt response, it helped me much.

With best regards,
Innokentiy Ivanov
 
R

Robson Carvalho Machado

Dear Friends,

Can you show me how to do this using CAPICOM?

I'm trying to use IIS request.clientcertificates to feed CAPICOM.certificate
object but it is not working.
Thanks
 
Ad

Advertisements

R

Robson Carvalho Machado

Dear friends,

please, ignore my question.
The problem was already solved.

TIA
 

Top