James O'Gorman · Sep 1, 2012 · 4:54 PM UTC

James O'Gorman @jogbert

1 Sep 2012

@bensummers Might you be able to help @dsilverstone out with this problem? blog.digital-scurf.org/2012/… (As you’ve done things with SSL before…)

Ben Summers · Sep 1, 2012 · 5:02 PM UTC

Ben Summers @bensummers

1 Sep 2012

@jogbert @dsilverstone Should be possible, but you'll be fighting infrastructure all the way. Make a CA for client, sign client certs.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 1, 2012 · 8:08 PM UTC

1 Sep 2012

@bensummers @jogbert Thanks for the encouragement. Not sure how I can generate the client cert without access to the client's private key :(

Ben Summers · Sep 1, 2012 · 8:21 PM UTC

Ben Summers @bensummers

1 Sep 2012

@dsilverstone @jogbert But ask a real cryptographer, not just someone who plays one on the twitters.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 2, 2012 · 10:14 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 2, 2012 · 10:14 AM UTC

2 Sep 2012

Replying to @bensummers

@bensummers everything comes back to the private key :(

Sep 2, 2012 · 10:14 AM UTC

Ben Summers · Sep 2, 2012 · 11:55 AM UTC

Ben Summers @bensummers

2 Sep 2012

@dsilverstone That’s why your *user* needs to generate the self-signed cert for SSL client cert. On server, check public key matches, not CA

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Sep 2, 2012 · 12:41 PM UTC

2 Sep 2012

@bensummers yeah. I was hoping to do everything from the public key. Accursed certificates.