Usually when I read about SSL and HTTP it says that the certificate is set up to authenticate that the host is who it says it is. Is it possible to configure the host to prevent it from processing requests except for clients that have previously installed the right SSL certificate?

If this isn't possible, any suggestions for types of technologies that could do this would be helpful.

MikeJ
  • AFAIK certificates are supposed to be public. If you are looking for a mechanism to restrict access to a server I would not recommend relying on certificates. – Shurmajee Jun 23 '13 at 14:35

1 Answer

It is possible to limit server connections to clients with specific certificates. When using SSL/TLS it is sometimes referred to as SSL client authentication or mutual authentication, as the client authenticates the server and the server authenticates the client.

A free implementation of mutual authentication using SSL/TLS will require you to set up a Public Key Infrastructure and create a Certificate Authority (CA). Your web server will need to support SSL/TLS and have a certificate.

It can be done easily using OpenSSL.

Create a Certificate Authority

  • Create new CA (private key and certificate).

Create a Server certificate

  • Create new server private key and certificate request.

  • Have the new CA sign the server certificate.

Client certificate

  • Create a client certificate request.
  • Sign the client certificate using the CA certificate and private key previously created.

Client Authentication

  • Install your CA certificate within your browser.
  • Configure your web server to authenticate users based on the provided client certificate.

Resources

Secure Web Access

What is the difference between an x.509 “client certificate” and a normal SSL certificate?

Moustache
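The four steps in the answer above (CA, server certificate, client certificate, server-side check), carried through as an added example; this is not code from the answer or from any project, only a script written here to show the OpenSSL commands involved. It assumes `openssl` is on `PATH`, and every name in it (the `pki` directory, "Example CA", `server.example.test`, `alice`, the `changeit` export password) is a placeholder chosen for the example. The last function stands in for the web server's decision: a presented certificate is accepted only if it chains to the CA you created, which is exactly what restricts the server to clients you have issued certificates to.

```shell
#!/bin/sh
# Added example: build the minimal PKI for SSL/TLS client authentication
# and emulate the server-side check. Placeholder names throughout.
set -eu

# Create a private CA, a CA-signed server certificate and a CA-signed client
# certificate under the scratch directory given as $1.
build_mtls_pki() {
    dir="$1"
    mkdir -p "$dir"

    # 1. Certificate Authority: private key plus self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1

    # 2. Server: private key and certificate request, then sign it with the CA.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" >/dev/null 2>&1

    # 3. Client: private key and certificate request, signed by the same CA.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=alice" \
        -keyout "$dir/client.key" -out "$dir/client.csr" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$dir/client.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" >/dev/null 2>&1

    # 4. Bundle key + certificate as PKCS#12, which is what browsers import.
    openssl pkcs12 -export -passout pass:changeit \
        -inkey "$dir/client.key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -out "$dir/client.p12" >/dev/null 2>&1
}

# Emulate the server-side decision: accept a presented certificate only if it
# chains to our CA ($1). Exit status 0 means accept, non-zero means reject.
accept_client_cert() {
    ca="$1"
    cert="$2"
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
}

# Stand-alone usage: sh mtls_pki.sh run
if [ "${1:-}" = "run" ]; then
    build_mtls_pki ./pki
    if accept_client_cert ./pki/ca.crt ./pki/client.crt; then
        echo "client.crt chains to ca.crt: server would accept it"
    else
        echo "client.crt rejected"
    fi
fi
```

The `openssl verify` step is the same chain check a web server performs once client authentication is switched on; on nginx that is `ssl_client_certificate` pointing at `ca.crt` together with `ssl_verify_client on`, and on Apache `SSLCACertificateFile` together with `SSLVerifyClient require`. A certificate signed by any other CA, including a self-signed one, fails the check, so a client that merely knows your CA certificate (which, as the comment notes, is public) still cannot connect without a certificate and private key you issued.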