Renewing my identity
I work with software on websites that request client certificates. The reason for this is to promote the single-sign-on ability of our software over secure connections. It works out really well too, I might add.
After I had setup a database on a demonstration laptop, I tried to test the software to verify the installation was successful. I kept getting complaints that my certificate was either invalid or expired. I went ahead and setup the software to trust the issuing authority of my certificate and I still had the same message.
Has it been a year already? Well, I paid a visit to thawte and sure enough my personal certificate had expired 3 days ago. I tried exporting some of the internal certificates I had been assigned, but I didn’t have the option to do so. Also, it was kinda late and the person who responsible for issuing internal certificates was not available.
I made a request for my certificate to be renewd. I saw the status of pending and got a little worried that I wouldn’t be able to get it tonight. After five minutes, it was available and I was happy. I installed it, exported it, and imported it to the laptop. I tested our software and it worked! Oh, the little joys of life …
Tags: Thawte, Security, Troubleshooting, Installation, Software, SSL, https, Certificates, Expiration, Work
August 18th, 2005 at 4:31 am
Hey.. since you’ve done the single sign on thing with certificates, do you think you could show me some sample code?
I’ve never done that before and I’m interested in seeing how it works.
August 18th, 2005 at 5:10 am
Hiya Krozy. Maybe I could, maybe I would. I’m always busy though. I’ll tell you what - it has to do with the Request.ClientCertificates collection. Once you can identify the unique key, you are home free from there on. You just map it to the users account. Don’t forget, the user may require have multiple certificates mapped to there account. So make sure you have a one-to-many relationship in your database.
August 22nd, 2005 at 5:59 am
Something about that description sounds exceedingly insanely downright straightforward and easy in .Net. — Any thoughts on how that works with Java?
August 22nd, 2005 at 6:26 am
Never worked with JAVA itself. Usually I end up translating things from JAVA to C#. I never heard of certificates with JAVA.
Yea, Certificates is really really easy with .Net. Also pretty easy with plain old ASP too. You have the ID of the issuer, and the ID of the person themselves. Of course, don’t forget that someones certificate might expire (like mine) and they will need to renew it.