filmov
tv
CyberArk's Central Credential Provider - Client Certificate Authentication
Показать описание
CyberArk's Joe Garcia takes the Central Credential Provider and configures it for Client Certificate Authentication. Once completely configured, he shows how to configure an Application ID for accessing secrets in a Safe and shows how you can test it was setup properly using available tools.
Related Videos
==============
CyberArk Resources
==================
InfamousJoeG in the Wild
=======================
Q: Why does Client Certificate Authentication with CyberArk's CCP require both the certificate and private key to be sent with the GET request?
A: Certificates on their own are only public pieces of information. What links a public key certificate to the name it contains is the fact that whoever has legitimate control over that name (e.g. your name or your server's name) also has the private key for it.
Certificates are used to prove the identity of the remote party by challenging the remote party to perform an operation that can only be done with the corresponding private key: signing something (which can be verified with the public key) or deciphering something that was encrypted with the public key. (Both can happen in the SSL/TLS handshake, depending on the cipher suite.)
In this case, they also want to use client-certificate authentication. It's not enough to send the client certificate during the handshake: the client must also prove it has the private key. Otherwise, anyone who receives that certificate could clone it. The point of using certificates is to prevent any cloning, in such a way that you never have to show your own secret (the private key).
Related Videos
==============
CyberArk Resources
==================
InfamousJoeG in the Wild
=======================
Q: Why does Client Certificate Authentication with CyberArk's CCP require both the certificate and private key to be sent with the GET request?
A: Certificates on their own are only public pieces of information. What links a public key certificate to the name it contains is the fact that whoever has legitimate control over that name (e.g. your name or your server's name) also has the private key for it.
Certificates are used to prove the identity of the remote party by challenging the remote party to perform an operation that can only be done with the corresponding private key: signing something (which can be verified with the public key) or deciphering something that was encrypted with the public key. (Both can happen in the SSL/TLS handshake, depending on the cipher suite.)
In this case, they also want to use client-certificate authentication. It's not enough to send the client certificate during the handshake: the client must also prove it has the private key. Otherwise, anyone who receives that certificate could clone it. The point of using certificates is to prevent any cloning, in such a way that you never have to show your own secret (the private key).
Комментарии