Question Client certificates

Deebs · Feb 3, 2012

How many of you use client certificates for authentication? Been working on a project at work and have got myself involved heavily into smartcards and client certificates (used to authenticate amongst other things). In other words, PKI.

Vae · Feb 3, 2012

Deebs said:
How many of you use client certificates for authentication? Been working on a project at work and have got myself involved heavily into smartcards and client certificates (used to authenticate amongst other things). In other words, PKI.

If it's what I think it is (A digital certificate held locally) then I use them with Bank of Ireland and the Irish revenue at work. Nothing in the UK though.

Deebs · Feb 3, 2012

Vae said:
If it's what I think it is (A digital certificate held locally) then I use them with Bank of Ireland and the Irish revenue at work. Nothing in the UK though.

It is

Go sign up at cacert.org....

Vae · Feb 3, 2012

Deebs said:
It is Go sign up at cacert.org....

Why? Seriously I'm not too au fait with the idea. I can see how it works with Bank of Ireland and the Irish Revenue where I had to generate a digital certificate as part of the setup procedure (e.g. random key presses and mouse clicks) but with no requirement for that with any UK sites what does it do...?

soze · Feb 3, 2012

We have one customer with them but they cost a lot to set up the Microsoft way. You need 5 CA's. I am very neutral with them tbh 95% of our customers have no need for them.

Deebs · Feb 3, 2012

eh? cacert.org do not charge any money...

GReaper · Feb 4, 2012

Only time I ever use a client certificate is to renew my SSL certificates from StartSSL. Apart from that, I've never had a reason to use them at all.

Cadelin · Feb 4, 2012

GReaper said:
Only time I ever use a client certificate is to renew my SSL certificates from StartSSL. Apart from that, I've never had a reason to use them at all.

Dumb question: Whats the difference between a client certificate and a personal certificate?

GReaper · Feb 4, 2012

A client certificate authenticates you to the server in a similar way to a server certificate. A server certificate is signed by a 3rd party to say that "www.example.org" is really the server you're connecting to, a client certificate is also signed by a 3rd party to tell the server that "Joe Bloggs" is the real Joe Bloggs.

Most sites won't bother with any of this as it's usually easier to ask for a username and password as security.

Cadelin · Feb 4, 2012

GReaper said:
A client certificate authenticates you to the server in a similar way to a server certificate. A server certificate is signed by a 3rd party to say that "www.example.org" is really the server you're connecting to, a client certificate is also signed by a 3rd party to tell the server that "Joe Bloggs" is the real Joe Bloggs.

Most sites won't bother with any of this as it's usually easier to ask for a username and password as security.

In that case, personal and client certificates are the same thing. Which means I use them all the time. In my browser I have my personal certificate which was signed by the UK E-science CA (https://ca.grid-support.ac.uk/cgi-bin/pub/pki?cmd=getStaticPage&name=index) and I use it for a lot of my CERN work.

GReaper · Feb 4, 2012

Ah, didn't fully read your question - hence the explaining a client and server certificate!

Question Client certificates

Deebs

Chief Arsewipe

Vae

Resident Freddy

Deebs

Chief Arsewipe

Vae

Resident Freddy

soze

I am a FH squatter

Deebs

Chief Arsewipe

GReaper

Part of the furniture

Cadelin

Resident Freddy

GReaper

Part of the furniture

Cadelin

Resident Freddy

GReaper

Part of the furniture

Users who are viewing this thread