[問題] 一個關于SSL,CDP和 x509的問題

看板NetSecurity (資安資訊安全)作者outdance (美國要掛了，我會失業嗎)時間16年前 (2009/01/12 22:03)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

※ [本文轉錄自 Prob_Solve 看板] 作者: outdance (美國要掛了，我會失業嗎) 站內: Prob_Solve 標題: [問題] 一個關于SSL,CDP和 x509的問題時間: Mon Jan 12 21:50:36 2009 我的頭解決不了這問題，到處在尋求答案要是誰有點思路，小弟定當感激不盡，下面是他的問題 The current task we are doing is two factors authentication, which is used to authenticate users against both their client certificates and their accounts . Now we configured a web server successfully, which requires clients certificates when users access it. And then try to make it working with SiteMinder( the SSO application). We need use SiteMinder to validate both of the users certificates and user accounts. But after we installed SiteMinder agent for the web server, the SiteMinder can not get the clients certificates from web server side. The information we got is that there are something in IIS preventing SiteMinder from getting the clients certificates. SiteMinder support said we need disable a option in IIS, named CDP checking. CDP means CRL Distribution Point, and CRL means Certificate Revocation List . Actually, we disabled the CRL checking of IIS by setting CertCheckMode to 1 in IIS. But it doesn't resolve this problem. All members in SSO team are not familiar with x509 certificate and advanced SSL configuration for IIS. So we want ask for helps from who are experienced in x509 certificate, SSL configuration for IIS, especially CRL and CDP. If anybody are familiar with SiteMinder x509 configuration, it will be perfect. -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 60.177.98.248 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 60.177.98.248