identifying clients with certificate serial number
[268 byte] By [alexxelaa] at [2007-10-1 21:29:59] 
Hi,I use client certificates to identify connections to my server, the client certs are signed by my own CA.Is it secure then, to identify the clients by their serial number certificate and let ssl do the rest of the job ?Regardsalex
without any more details, I would guess the answer is yes.
ghstarka at 2007-7-13 3:25:08 >
Ok,
In fact I wanted to be sure that the certificate footprint is veryfied in every ssl handshake, and that the serial number is part of the hash.
It seemed to me obvious but I realised, for instance, that the validity date of the certificate is not checked automatically during ssl handshake, do you think it is a normal behavior ?
alexxelaa at 2007-7-13 3:25:08 >
Yes, the serial number of the is part of the signed data. The validity period of the certificate is checked as part the handshake. Why do you say it is not chcked?
ghstarka at 2007-7-13 3:25:08 >
Security New Topic
- Hope.. to hear interaction about this.. issue of fobs4jmf and jmf itself
- How to setup ant application's permissions?
- Problems creating a DataSink
- set frame rate
- anyone can tell me that why the graphics2D cannot translate coordinate?
- multiple connections on a single socket simultaneously
- How to config JSSE?
- Password Based Encryption
Security Hot Topic
Security
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding