Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Integrate Digital Certificate Verification to the system  RSS feed

 
hardikkk raval
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I have been working on a web application where I need to verify the digital certificate of the user at the time of the login. We ask for the certificate at the time of registration and each time the user logs in the system.

Steps required to implement the functionality are as follow:

1. We have to display a dialogue asking "Choose your Digital Certificate" (Which is in IE Tools-->Internet Options-->Content-->Certificates).

2. User will select the certificate (registration and each time he login the system).

3. If the same certificate is found at the login time, we need to give him a access to system.

So what do I store at the time of registration ? (Entire Certificate file/Public key).

4. How do I implement the whole functionality ?

Thank you in advance for your useful solutions.



 
James Sabre
Ranch Hand
Posts: 781
Java Netbeans IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This sounds dreadfully insecure! Since certificates are public then anyone can have a copy of your certificate. Just presenting a certificate proves nothing. What matters it that the owner of the certificate should be the only person who has access to the private key that matches the public key contained in the certificate. It sounds to me like you need to use SSL/TLS (maybe though the use of HTTPS) with both client and server authentication.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!