[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] Authentication using existing client certificates



Hi Robert,

thank you for your quick response. Is my understanding correct, that the handle server always uses the given UID information (index of public key or certificate entry:prefix/suffix) to look up the public key or certificate and to check if the public key or certificate referenced by the UID matches the provided private key?

Best regards

Franziska


Am 24.02.20 um 16:56 schrieb Robert R Tupelo-Schneck:
I'm afraid there's no way to configure the handle server to accept your client certificates directly.

You could get the public key from your client certificate, create a handle with an HS_PUBKEY value with that public key, and create a new client certificate using the same keys and the same CN but also having a UID.  Let us know if you want to do that and need assistance.

With more effort, you could write an authenticating proxy to the handle server, which accepts your client certificate and then connects to the handle server using some other authentication.

Robert

On Feb 24, 2020, at 10:43 AM, Weng, Franziska <fweng@geomar.de> wrote:

Hi,

we would like to use existing client certificates (x509) for authentication instead of creating new certificates (like described here http://www.handle.net/mail-archive/handle-info/msg00816.html). Our existing client certificates contain CN in the form of /CN=Firstname Lastname (space between firstname and lastname!). UID is not used. How can we achieve that we can authenticate on the web interface of the handle server using these as client certificates?

Best regards

Franziska

--
Franziska Weng
Information, Data and Computing Centre
GEOMAR
Helmholtz Centre for Ocean Research Kiel
Wischhofstr. 1-3
D-24148 Kiel, Germany

Room: 01/111 (Entrance 2)
Tel: +49 (0)431 / 600-2173
E-Mail:fweng@geomar.de
https://www.geomar.de


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info

--
Franziska Weng
Information, Data and Computing Centre
GEOMAR
Helmholtz Centre for Ocean Research Kiel
Wischhofstr. 1-3
D-24148 Kiel, Germany

Room: 01/111 (Entrance 2)
Tel: +49 (0)431 / 600-2173
E-Mail: fweng@geomar.de
https://www.geomar.de


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info