PTT數位生活區 / Prob_Solve (計算數學 Problem Solving)

[問題] 一個關于SSL,CDP和 x509的問題

看板Prob_Solve (計算數學 Problem Solving)作者outdance (美國要掛了，我會失業嗎)時間16年前 (2009/01/12 21:50)推噓0(0推 0噓 1→)

留言1則, 1人參與討論串1/1

我的頭解決不了這問題，到處在尋求答案要是誰有點思路，小弟定當感激不盡，下面是他的問題 The current task we are doing is two factors authentication, which is used to authenticate users against both their client certificates and their accounts . Now we configured a web server successfully, which requires clients certificates when users access it. And then try to make it working with SiteMinder( the SSO application). We need use SiteMinder to validate both of the users certificates and user accounts. But after we installed SiteMinder agent for the web server, the SiteMinder can not get the clients certificates from web server side. The information we got is that there are something in IIS preventing SiteMinder from getting the clients certificates. SiteMinder support said we need disable a option in IIS, named CDP checking. CDP means CRL Distribution Point, and CRL means Certificate Revocation List . Actually, we disabled the CRL checking of IIS by setting CertCheckMode to 1 in IIS. But it doesn't resolve this problem. All members in SSO team are not familiar with x509 certificate and advanced SSL configuration for IIS. So we want ask for helps from who are experienced in x509 certificate, SSL configuration for IIS, especially CRL and CDP. If anybody are familiar with SiteMinder x509 configuration, it will be perfect. -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 60.177.98.248 ※ outdance:轉錄至看板 NetSecurity 01/12 22:03