authentication with client certificate

Hello,

I was going to add an entry in the JIRA for djigzo but I thought I would
run it past here first to collect feedback if it could be a useful
enhancement for others as well:

Give the ability to authenticate administrators based on client
certificates, if present. We already have a certificate store so why not
use it as well to allow admins to identify themselves for critical
roles.

I am not sure a similar functionality would be relevant at all for the
portal, since I believe only end-users with PDF encryption would end up
there, and if they do it means they do not have a certificate in the
first place.

Also, and that is a separate topic, is there any plan that end-users
would be able to connect to the admin interface (restricted view
obviously) to be able to manage their own certificates?

Regards,

Stephane

> I was going to add an entry in the JIRA for djigzo but I thought I would
> run it past here first to collect feedback if it could be a useful
> enhancement for others as well:
>
> Give the ability to authenticate administrators based on client
> certificates, if present. We already have a certificate store so why not
> use it as well to allow admins to identify themselves for critical
> roles.
>
> I am not sure a similar functionality would be relevant at all for the
> portal, since I believe only end-users with PDF encryption would end up
> there, and if they do it means they do not have a certificate in the
> first place.

You should be able to configure client certificate authentication but I
have not tested this. This will however not use the CipherMail
certificate store since authentication with client side certificates is
done with Tomcat. I also think that it's better to have a separate store
for authentication and for certificates used for S/MIME.

Client side certificate authentication is in principle supported by
Spring Security. I have however not tested this. For more information see:

http://docs.spring.io/spring-security/site/docs/2.0.x/reference/html/x509.html

> Also, and that is a separate topic, is there any plan that end-users
> would be able to connect to the admin interface (restricted view
> obviously) to be able to manage their own certificates?

Instead of providing this functionality by allowing end users to log into
the admin, it's better to add this functionality to the portal.

Kind regards,

Martijn


On 08/25/2014 08:01 AM, Stephane Schitter wrote:

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail
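
The setup discussed in the reply above, sketched as an added example that is not part of the original thread and not CipherMail's own configuration: a Tomcat HTTPS connector that asks for a client certificate and validates it against a trust store kept separate from the S/MIME store, plus the Spring Security 2.0.x `<x509>` element from the linked reference. It is untested against CipherMail; the file paths, passwords, URL pattern, role name and the `adminUserDetailsService` bean id are assumptions.

```xml
<!-- Added example; placeholders and assumed names are marked below. -->

<!-- Fragment 1: Tomcat conf/server.xml.
     clientAuth="want" asks for a certificate but still accepts the TLS
     connection without one, so password login keeps working ("if present").
     clientAuth="true" would refuse any client that has no certificate.
     The trust store is a dedicated file (placeholder path) that holds only
     the CA issuing administrator certificates. It is not the S/MIME store. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           clientAuth="want"
           keystoreFile="${catalina.base}/conf/server.jks"
           keystoreType="JKS" keystorePass="CHANGE_ME"
           truststoreFile="${catalina.base}/conf/admin-client-ca.jks"
           truststoreType="JKS" truststorePass="CHANGE_ME" />

<!-- Fragment 2: Spring Security 2.0.x application context (security namespace).
     Tomcat has already verified the certificate chain at this point; the x509
     element only maps the subject DN to a user name and loads its roles.
     subject-principal-regex: the first capture group becomes the user name.
       This pattern needs a comma after the CN value, so a DN in which CN is
       the last component does not match and authentication fails.
     user-service-ref: assumed bean id of a UserDetailsService. A certificate
       that chains to the trusted CA but whose CN is unknown to that service
       is rejected, so trust in the CA alone never grants an admin role.
     The /admin/** pattern and ROLE_ADMIN are assumptions for illustration. -->
<http>
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN"
                   requires-channel="https" />
    <x509 subject-principal-regex="CN=(.*?),"
          user-service-ref="adminUserDetailsService" />
</http>
```

Because every certificate that chains to a CA in the connector's trust store passes the TLS check, the list of accepted administrators is effectively the set of names known to the user service, which is a practical reason to keep that trust store limited to a single purpose-built CA.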