* * * * *
                                        
                   Authenticating web users via SSL, part II
                                        
Back in September, I set up web authentication via signed certificates [1]
but it was primarily a manual process. After creating the certificate
authority (and installing the certificate authority into my browser so it
wouldn't complain), I then generated a certificate request (on the command
line), signed the request (on the command line) and installed the freshly
signed certificate into my browser, so I could use that certificate to
authenticate myself to my webserver.

If that makes any sense.

Obligatory Sidebar Links

* When you want a really strong security on the web, it's a good idea to use
  SSL [2]
* Netscape Client Certificate Management [3]
* spkac(1) [4]


Anyway, it is possible to have this handled automagically between the browser
and webserver [5], but sadly, there isn't much information out there about
doing so. I only found three pages with any real information; two cover the
same material, and one just covers part of the openssl command required to
work with this stuff.

And of course, it doesn't work with IE (Internet Explorer) (thank you so
much, Microsoft [6]).

[1] gopher://gopher.conman.org/0Phlog:2008/09/08.1
[2] http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/07ea5534/attachment.txt
[3] http://old.pseudonym.org/ssl/ssl_nsclient_certs.html
[4] http://www.openssl.org/docs/apps/spkac.html
[5] http://www.flutterby.com/archives/comments/11692.html#artid_40323
[6] http://www.microsoft.com/

Email Sean Conner at sean@conman.org

.