[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] Authentication using existing client certificates

To: Robert R Tupelo-Schneck <schneck@cnri.reston.va.us>
Subject: Re: [Handle-info] Authentication using existing client certificates
From: "Weng, Franziska" <fweng@geomar.de>
Date: Tue, 25 Feb 2020 11:16:09 +0100
Cc: Handle-Info@cnri.reston.va.us, Carsten Schirnick <cschirnick@geomar.de>
Delivered-to: handle-info-archive@cnriweb-cogent.cnri.reston.va.us
Delivered-to: handle-info@cnriweb.cnri.reston.va.us
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=geomar.de; s=20180612; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Sender:Reply-To:Content-Transfer-Encoding:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=sVlZfOCwGgxCMieuC3znNBEWoJPTejoOKfMkcpMt8CI=; i=@geomar.de; b=1yUmw2knl7Qt 8bVG5lRpgabnqkD1bxsHI3j5S2q7tyoSNPq6S8CQ7FGlBujQnd7eDPFayyTYme6ggrQRTARhDZYqi xxQfatFSidr+sjsthYSkkR2Er+D2S7Vv/5ZbCoYy6HkDu8q28eZeDCYLb7yj9BZq1JP4kfgqBuPVD ewfBw=;
In-reply-to: <902ffba6f58d98340005640134.0323c2c6cc.1F5702B9-0966-4F2F-A649-318BC5E4358E@cnri.reston.va.us>
List-archive: <http://www.handle.net/mailman/private/handle-info/>
List-help: <mailto:handle-info-request@cnri.reston.va.us?subject=help>
List-id: "Handle.Net Mailing List" <handle-info.cnri.reston.va.us>
List-post: <mailto:handle-info@cnri.reston.va.us>
List-subscribe: <http://www.handle.net/mailman/listinfo/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=subscribe>
List-unsubscribe: <http://www.handle.net/mailman/options/handle-info>, <mailto:handle-info-request@cnri.reston.va.us?subject=unsubscribe>
Organization: GEOMAR Helmholtz Centre for Ocean Research Kiel
References: <550b7210-cfe0-b75f-61b2-f429aeb57a17@geomar.de> <1F5702B9-0966-4F2F-A649-318BC5E4358E@cnri.reston.va.us>
Sender: handle-info-bounces@cnri.reston.va.us
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.4.2

Hi Robert,

thank you for your quick response. Is my understanding correct, that thehandle server always uses the given UID information (index of public keyor certificate entry:prefix/suffix) to look up the public key orcertificate and to check if the public key or certificate referenced bythe UID matches the provided private key?


Best regards

Franziska


Am 24.02.20 um 16:56 schrieb Robert R Tupelo-Schneck:

I'm afraid there's no way to configure the handle server to accept your client certificates directly.

You could get the public key from your client certificate, create a handle with an HS_PUBKEY value with that public key, and create a new client certificate using the same keys and the same CN but also having a UID.  Let us know if you want to do that and need assistance.

With more effort, you could write an authenticating proxy to the handle server, which accepts your client certificate and then connects to the handle server using some other authentication.

Robert

On Feb 24, 2020, at 10:43 AM, Weng, Franziska <fweng@geomar.de> wrote:

Hi,

we would like to use existing client certificates (x509) for authentication instead of creating new certificates (like described here http://www.handle.net/mail-archive/handle-info/msg00816.html). Our existing client certificates contain CN in the form of /CN=Firstname Lastname (space between firstname and lastname!). UID is not used. How can we achieve that we can authenticate on the web interface of the handle server using these as client certificates?

Best regards

Franziska

--
Franziska Weng
Information, Data and Computing Centre
GEOMAR
Helmholtz Centre for Ocean Research Kiel
Wischhofstr. 1-3
D-24148 Kiel, Germany

Room: 01/111 (Entrance 2)
Tel: +49 (0)431 / 600-2173
E-Mail:fweng@geomar.de
https://www.geomar.de


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info


--
Franziska Weng
Information, Data and Computing Centre
GEOMAR
Helmholtz Centre for Ocean Research Kiel
Wischhofstr. 1-3
D-24148 Kiel, Germany

Room: 01/111 (Entrance 2)
Tel: +49 (0)431 / 600-2173
E-Mail: fweng@geomar.de
https://www.geomar.de

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

References:
- [Handle-info] Authentication using existing client certificates
  - From: "Weng, Franziska" <fweng@geomar.de>
- Re: [Handle-info] Authentication using existing client certificates
  - From: Robert R Tupelo-Schneck <schneck@cnri.reston.va.us>

Prev by Date: Re: [Handle-info] 14.6.3 Basic Access Authentication
Next by Date: Re: [Handle-info] Authentication using existing client certificates
Previous by thread: Re: [Handle-info] Authentication using existing client certificates
Next by thread: [Handle-info] 14.6.3 Basic Access Authentication
Index(es):
- Date
- Thread