  1. #1
    bimalpoudel

    Installable certificates for safety of an application

    I know about installable certificates but I don't know how to make them. Here is how it works:

    The website application owner creates a certificate for a particular browser (maybe the client of the application). This certificate file will be installed into the client's web browser.
    Only then will the client be able to access the website.

    No other public users will be allowed to visit the website.
    This application of the website really needs that much security.

    Furthermore, the owner sets a password for each certificate and installs them on the client's computer. The human staff at the client do not know the password of the certificate they have to install (the owner does this instead).

    Would you please let me know how to create it and attach it to Apache? Plus create .cert files to install in clients' browsers?

    Thanks.
    Bimal Poudel @ Sanjaal Framework over Smarty Template Engine
    ASKING INTERESTING QUESTIONS ON SITEPOINT FORUM

    Hire for coding support - PHP/MySQL
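
What the first post describes is TLS client-certificate authentication. The script below is an added example, not written by either poster; it assumes the `openssl` command-line tool and Apache with mod_ssl, and the CA name, file names and working directory are placeholders.

```shell
#!/usr/bin/env bash
# Added example: private CA + password-protected client certificate for
# Apache mod_ssl client authentication. Names and paths are placeholders.
set -eu

make_client_bundle() {   # $1=work dir  $2=client name  $3=.p12 import password
    dir=$1; name=$2
    mkdir -p "$dir"
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'extendedKeyUsage = clientAuth\n' > "$dir/client.ext"
    # 1. Private CA: the only issuer the server will accept for clients.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Client key and signing request.
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$name" -newkey rsa:2048 \
        -nodes -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    # 3. CA signs the client certificate, restricted to client authentication.
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/client.ext" \
        -out "$dir/$name.crt" 2>/dev/null
    # 4. Key + certificate in one password-protected file for browser import.
    P12_PASS=$3 openssl pkcs12 -export -inkey "$dir/$name.key" \
        -in "$dir/$name.crt" -certfile "$dir/ca.crt" \
        -passout env:P12_PASS -out "$dir/$name.p12"
}

verify_client_cert() {   # succeeds only if the cert chains to the private CA
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

apache_directives() {    # mod_ssl settings for the HTTPS virtual host
    printf '%s\n' "SSLCACertificateFile $1/ca.crt" \
                  'SSLVerifyClient require' 'SSLVerifyDepth 1'
}
```

The owner imports the `.p12` file into the client's browser and types the import password, so staff never need to know it. The unencrypted `.key` files should be removed from the working directory once the bundle is exported, and `ca.key` kept offline.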

  2. #2
    dklynn
    Bimal,

    Sorry it took overnight to respond.

    I've never seen a situation where the recipient must have a security certificate. That's normally only for servers. Of course, you can add layers upon layers of password protected directories and PHP driven sessions (with their own username/password verification sets) but what you've described is beyond me.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    bimalpoudel
    The case I saw was with a funds transferring application (.jsp files).
    The browser must install the certificate to load the page.
    Being a sensitive application directly related to people's money, the web application does not run without having the proper certificate. After a small attempt to find the info, I have these two links to show you something similar:

    http://www.niu.edu/its/internet/cert...ape_cert.shtml
    http://www.niu.edu/its/internet/cert...era_cert.shtml

    These files are created on the server, integrated with Apache - at the funds transferring application server.
    And a copy of the customized certificate is installed in the client's browser (who uses the web application to run the funds transfer application).

    You can correct me if I am wrong, or saw the process differently.

  4. #4
    dklynn
    Bimal,

    I wouldn't think of correcting you when I don't fully understand something.

    Quote Originally Posted by NIU
    What is a Security Certificate?

    A security certificate acts as the key to decrypt encrypted messages by an authenticated message receiver. NIU uses the Secure Socket Layer (SSL) for transmitting and accepting secure information (such as passwords) and for encrypting entire sessions that contain confidential information. SSL is a standard method for protecting web communications by providing message encryption and authentication.

    By accepting the NIU certificate you add NIU to the list of trusted certificating authorities your computer acknowledges and approves.

    Installing the NIU security certificate will prevent warning messages from being displayed as NIU web-based applications requiring authentication. Since (in general) browsers do not share data, a certificate installed into Internet Explorer will not work for Firefox and vice-versa.

    To me, that says that NIU is asking you to accept them as a certificating agent (rather than Thawte, Comodo, et al).

    Quote Originally Posted by NIU
    Installing the NIU Security Certificate for Firefox

    The NIU Security Certificate will prevent warning messages from being displayed when opening NIU web-based applications requiring authentication.

    All that tells me is that, when you accept NIU as a Certificate Authority (CA), you will not receive a warning (invalid CA) in the browser you've used to accept their CA. Nothing more.

    To my reading, that only verifies my original impression that you are not exchanging certificates with your visitor, only disabling a warning for an invalid CA. If you need to transmit encrypted data between two sites, I think you should think about using PGP, which will be a public key/private key encryption (in each direction), and you CAN set up your server to use PGP, too (although I've not done that nor have I looked into how to do that).

    Regards,

    DK