@bensummers Might you be able to help @dsilverstone out with this problem? blog.digital-scurf.org/2012/β¦ (As youβve done things with SSL beforeβ¦)
1
@jogbert @dsilverstone Should be possible, but you'll be fighting infrastructure all the way. Make a CA for client, sign client certs.
1
@bensummers @jogbert Thanks for the encouragement. Not sure how I can generate the client cert without access to the client's private key :(
2
@dsilverstone @jogbert But ask a real cryptographer, not just someone who plays one on the twitters.
1
@bensummers everything comes back to the private key :(
1
@dsilverstone Thatβs why your *user* needs to generate the self-signed cert for SSL client cert. On server, check public key matches, not CA
1
@bensummers yeah. I was hoping to do everything from the public key. Accursed certificates.
1
@dsilverstone You can't auth with a public key because it's public!
2
@bensummers Indeed. Irritatingly, I can get an RSA public key out of the SSH key, but I can't get that into SSL because it's all CERT based
Sep 2, 2012 Β· 2:58 PM UTC