Security Basics mailing list archives
RE: How to refuse to operate if an invalid certificate is received ?
From: "Marksteiner, Stefan" <stefan.marksteiner () joanneum at>
Date: Tue, 19 May 2009 17:48:34 +0200
As far as I understand your issue, your user is using a web app via a browser. If that it is true, you can only configure the app and server to provide a valid certificate. Wheter or not a user is able to accept an invalid certificate relays to the browser, so the control eventually remains at the user. ------------------------------------------------ MarSt is a websciencemaniac stefan.marksteiner () student tugraz at http://tugll.tugraz.at/49446/weblog/8082.html -----Original Message----- Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im Auftrag von Andre Rodrigues Gesendet: Mittwoch, 29. April 2009 14:11 An: security-basics () securityfocus com Cc: Richard Sachsse; Arnaldo Betreff: How to refuse to operate if an invalid certificate is received ? Hi, We have some app´s that use digital certificate. But, even though the browser says the cert is invalid, the user can continue and use the app. How to configure the app, or the web server, to operate ONLY with a valid cert? Obrigado, André ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- How to refuse to operate if an invalid certificate is received ? Andre Rodrigues (May 01)
- RE: How to refuse to operate if an invalid certificate is received ? Marksteiner, Stefan (May 19)