Re: [Handle-info] Authentication using existing client certificates

[Robert R Tupelo-Schneck <schneck@cnri.reston.va.us>]

I'm afraid there's no way to configure the handle server to accept your client certificates directly.

You could get the public key from your client certificate, create a handle with an HS_PUBKEY value with that public key, and create a new client certificate using the same keys and the same CN but also having a UID.  Let us know if you want to do that and need assistance.

With more effort, you could write an authenticating proxy to the handle server, which accepts your client certificate and then connects to the handle server using some other authentication.

Robert

> On Feb 24, 2020, at 10:43 AM, Weng, Franziska <fweng@geomar.de> wrote:
> 
> Hi,
> 
> we would like to use existing client certificates (x509) for authentication instead of creating new certificates (like described here http://www.handle.net/mail-archive/handle-info/msg00816.html). Our existing client certificates contain CN in the form of /CN=Firstname Lastname (space between firstname and lastname!). UID is not used. How can we achieve that we can authenticate on the web interface of the handle server using these as client certificates?
> 
> Best regards
> 
> Franziska
> 
> -- 
> Franziska Weng
> Information, Data and Computing Centre
> GEOMAR
> Helmholtz Centre for Ocean Research Kiel
> Wischhofstr. 1-3
> D-24148 Kiel, Germany
> 
> Room: 01/111 (Entrance 2)
> Tel: +49 (0)431 / 600-2173
> E-Mail:fweng@geomar.de
> https://www.geomar.de
> 
> 
> _______________________________________________
> Handle-Info mailing list
> Handle-Info@cnri.reston.va.us
> http://www.handle.net/mailman/listinfo/handle-info

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info