Questions tagged [mutual]

41 questions
22
votes
1 answer

How do "Confidence images" on my bank's login page improve security?

My bank recently changed their login process to show a preselected image which they label a "Confidence image" - ostensibly to allow a human website user to authenticate the bank's website as not being a spoof. The old login process was: Visit…
Dai
  • 1,686
  • 1
  • 13
  • 20
6
votes
3 answers

haproxy with client certificate authentication signed by 'common' CA

Excuse me if I posted this here wrongly, I know the question is partly about haproxy itself. I am setting up haproxy as an SSL terminator/load balancer in front of an API that we need to expose over the internet to a customer. The plan was to use…
Sartsj
  • 101
  • 1
  • 5
5
votes
1 answer

Trust in mutual TLS on chain of certificates in multi-intermediate-CA configuration

Could you please help me to understand whether a client's certificate will be accepted by a server as valid during a mutual TLS challenge, based on the diagram below? The client side knows nothing about the server's Intermediate CA B, and vice versa a server…
Viacheslav
  • 153
  • 1
  • 3
4
votes
2 answers

SSL/TLS Client Authentication by IP

Is there any mechanism in SSL/TLS which allows a certificate to be bound to a device? Example: There is a client who talks to a server, and during SSL/TLS setup, there is mutual authentication. The server verifies that the client presented a…
JZeolla
  • 2,936
  • 1
  • 18
  • 25
4
votes
1 answer

How can you test Mutual Auth connections?

We're trying to migrate our system from a private data center to a public one (AWS). There are other systems we have no control over that communicate with the one in the private data center. They communicate to us using Mutual Authentication. We…
3
votes
1 answer

Mutual authentication in OpenVPN

I have an OpenVPN gateway setup. A CA was created on the same server with Easy-RSA. Each OpenVPN client has its own certificate-key pair issued with the aforementioned CA. The server has its own certificate and a private key. While the client's certificate…
3
votes
1 answer

Does the CA have to be same for mutual authentication?

I'm trying to establish mutual authentication between my Tomcat server and my customer's firewall. The server certificate we have is from Digicert (Root CA) and RapidSSL (intermediate). The certificate chain in the ServerHello block is from…
3
votes
3 answers

Mutual Authentication - client authentication to the server via IP / FQDN?

I'm trying to get a better understanding of the Server / Client Mutual Authentication process in a TLS1.2 mutual authenticated session. My understanding is that the client is able to fully authenticate the server's identity also relying on the FQDN…
Ottootto
  • 123
  • 1
  • 6
2
votes
2 answers

Can mutual TLS work with a self-signed client certificate?

Is it conceptually possible to allow in the server a specific self-signed client certificate for mutual TLS? If possible but not recommended, why? I have a client to whom I have to provide a server that does mutual TLS auth. But they say they won't…
2
votes
1 answer

client_id vs distinguished name in mutual tls

I am reading this in the OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens. What is the difference between a client_id and a distinguished name? I see in the PKI Mutual-TLS Method that the distinguished name of the client…
loutsi1
  • 41
  • 7
2
votes
4 answers

Differentiating server and client in Mutual TLS authentication

When authenticating the client side with a certificate that is also verified by our self-signed CA certificate that verifies the server certificate, I think it's possible for clients to perform a MITM attack and order other clients. Maybe I'm wrong but…
shark
  • 23
  • 4
2
votes
2 answers

Mutual SSL (CCA) with TLS 1.x: how is the appropriate certificate selected by the client, and does it send a chain or a single certificate?

We have an interesting discussion between the server operator team and the developers of a client application. Our setup in general is like this: There is a root-ca, let's call it "root-1". This has a sub-ca, let's call it "sub-1". Both are…
Rambler
  • 21
  • 1
2
votes
1 answer

Win2012R2 TLS1.2 Mutual authentication - change cipher specs from server side after no certificate from client?

I am testing a .NET-based application running on a Win2012R2 server providing HTTP-based web services and relying on Windows's SChannel for implementing TLS 1.2 mutual authentication against TLS 1.2-only capable clients. Mutual authentication has…
Ottootto
  • 123
  • 1
  • 6
2
votes
1 answer

TLS 1.2 mutual authentication certificate based standard

I'm running an analysis on a TLS 1.2 mutual authentication certificate-based client-server implementation and I'm wondering if there's an RFC or a reference document covering the handshake process when it comes to mutual authentication between server…
Ottootto
  • 123
  • 1
  • 6
1
vote
1 answer

Pre-Requisites for Mutual Authentication

For mutual authentication, the client must contain the CA certificate of the server and its own certificates, and the server must contain the CA certificate of the client and its own certificates. In this way, the server may contain multiple…
Smrithi
  • 11
  • 1