Tuesday, May 12, 2009

Securing A Website With Client SSL Certificates

In the comments of the last article, Morgan came up with the idea of using client SSL certificates to secure the admin panel. This is not authentication in the classical sense: you decide which SSL certificates (signed by yourself) are allowed to access a particular site. It is a better solution than limiting access to a list of IP addresses when you are a work nomad and have to reach the panel from different parts of the world.

The steps to do this are:

  1. Set up OpenSSL to act as a Certificate Authority (CA)
  2. Create a root CA key
  3. Create a key for the (sub)domain in question
  4. Set up your web server
  5. Create a client certificate and install it in your browser

Here is the HOWTO: Securing A Website With Client SSL Certificates
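The five steps above, modelled in Go with the standard library instead of the openssl commands the HOWTO uses; this is an added example, not code from the post or the HOWTO. It mints a self-signed root CA (step 2), issues a client certificate under it (steps 3 and 5) and performs the server-side check from step 4: only certificates that chain to that CA and are marked for client authentication are accepted. The names "Admin Panel CA" and "morgan" are made up.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue mints an RSA key and certificate for cn: a self-signed root CA when parent is nil (step 2), otherwise one signed by that CA (steps 3 and 5).
func issue(cn string, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(1, 0, 0), // one-year lifetime; expiry is the commenters' pain point
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           eku,
	}
	if parent == nil { // root CA: self-signed and permitted to sign other certificates
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// verifyClient is the web server's per-handshake check (step 4): the presented certificate must chain to our own CA and be marked for client authentication.
func verifyClient(clientCert, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := clientCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
func main() {
	ca, caKey, _ := issue("Admin Panel CA", nil, nil, nil) // constructed names, not from the HOWTO
	morgan, _, _ := issue("morgan", []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	fmt.Println("client certificate accepted:", verifyClient(morgan, ca) == nil)
}
```

A certificate signed by any other CA, or one from our CA that lacks the client-auth usage (such as the server certificate from step 3), is rejected by the same check.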


Reader Comments (4)

There is one really annoying feature of using SSL certificates ... they always expire when it is the least convenient :P

But, I am sure that someone resourceful is able to figure out some decent practices that make handling soon-to-expire certificates easy :-)

May 12, 2009 | Unregistered CommenterMorgan Roderick

This is a major issue in our country. We use client certificates for government (taxes, registrations, ...), online banking, colleges, stock market investments, ... And these are used by ordinary people, not just corporate users. In Slovenia we have official government CAs that issue certificates for free to each person, so they are basically a requirement when doing anything official online.
I suggest promoting this issue to a bug (not a feature), since the SSL standard is not completely supported.
There are users contacting us regarding Chrome support, and we would like to at least give them some kind of more official date regarding this bug in Chrome.

July 23, 2009 | Unregistered CommenterGabriel Celibataire

I think that there should be a way to handle it. SSL certificates can be quite problematic at times when it comes to expiring.

That's true, SSL certificates always expire when you need them the most... and it's really annoying! There must be another way to handle it.

November 16, 2009 | Unregistered CommenterFelipe Quedar
