Geekzone: technology news, blogs, forums


jimbob79

673 posts

Ultimate Geek


#228875 26-Jan-2018 20:19

So I'm working on a new project that is consuming Web Services (WSDL) through a Gateway Service. I need to provide a username & password PLUS an X.509 Client Certificate, as they are enforcing a Mutual TLS connection.


However, I have found plenty of examples of creating a self-assigned certificate, but the Gateway Service provider requires that the Client Certificate be issued by a 3rd Party Trusted Certificate Authority. Which CA providers will issue an X.509 Client Certificate?


Historically I've used LetsEncrypt, but they don't offer this kind of service.  


What do I need to google for?


jimbob79

673 posts

Ultimate Geek


  #1947326 26-Jan-2018 20:33

Xero has an example of creating the necessary cert for their application

openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825
openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer

But their example publickey.cer file says it's not trusted.
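
The commands in the post above produce a self-signed certificate, which is why it shows as untrusted; a CA-issued client certificate starts from a CSR instead. The following is an added example (not from the thread or from Xero) that runs both paths and then checks each certificate roughly the way a Mutual TLS server would. The local `demo-ca` is a constructed stand-in for the third-party CA, all names and files are assumptions, and 2048-bit keys are used rather than the 1024-bit key in the quoted commands.

```shell
#!/bin/sh
# Added example. All names (demo-ca, demo-client) and files are constructed;
# the local CA stands in for the third-party CA that the gateway trusts.

new_ca() {            # $1 = work dir: create the stand-in CA key and root cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

self_signed() {       # $1 = work dir: same result as the commands in the post
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-client" \
    -keyout "$1/self.key" -out "$1/self.cer" 2>/dev/null
}

issue() {             # $1 = work dir, $2 = output name, $3 = extendedKeyUsage
  # Client side: the private key stays local, only the CSR goes to the CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=%s\n' \
    "$3" > "$1/$2.ext"
  # CA side: sign the CSR and add the extensions that say what the cert is for.
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.cer" 2>/dev/null
}

gateway_accepts() {   # $1 = trust anchor, $2 = cert presented by the client
  # Approximates the server check: the cert must chain to the trusted CA
  # AND be usable as a TLS client certificate.
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
new_ca "$work" && self_signed "$work" &&
  issue "$work" client clientAuth && issue "$work" server serverAuth

# self.cer fails (no chain to the CA), server.cer fails (wrong key usage),
# client.cer passes.
for c in self client server; do
  if gateway_accepts "$work/ca.pem" "$work/$c.cer"; then r=accepted; else r=rejected; fi
  echo "$c.cer: $r"
done
```
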

 

 

 


 
 
 
 

marpada
434 posts

Ultimate Geek


  #1947337 26-Jan-2018 21:09

Google 'managed PKI'. Probably outrageously expensive though.


ANglEAUT
1941 posts

Uber Geek

Trusted
Lifetime subscriber

  #1947398 27-Jan-2018 06:31

Or, if you have your own server, create your own CA, get it signed by the many CA's out there and then create any type of certificate you want?





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.




itxtme
2050 posts

Uber Geek


  #1947404 27-Jan-2018 07:48

IcI:

Or, if you have your own server, create your own CA, get it signed by the many CA's out there and then create any type of certificate you want?

IcI is correct, you will need to do it based on the IP/Domain that is consuming the resource, otherwise it will fail, as in be untrusted. x.509 Client Certificate is just a PEM format, is it not? If so, Namecheap's Comodo can provide those.


jimbob79

673 posts

Ultimate Geek


  #1947424 27-Jan-2018 09:45

itxtme:

IcI:

Or, if you have your own server, create your own CA, get it signed by the many CA's out there and then create any type of certificate you want?

IcI is correct, you will need to do it based on the IP/Domain that is consuming the resource, otherwise it will fail, as in be untrusted. x.509 Client Certificate is just a PEM format, is it not? If so, Namecheap's Comodo can provide those.

I guess this is where I'm getting confused. I have not found one CA that will issue Client Certificates/Mutual Certificates/M2M/X.509. Have found lots of instructions about creating the Self-assign certs but they just say "Get this assigned by a trusted CA", but how?


Lias
5227 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1947828 28-Jan-2018 12:34

marpada:

Google 'managed PKI'. Probably outrageously expensive though.

We looked at that at my last job, got two quotes, both were well into 6 figures.. strangely enough that went nowhere lol.





I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.


jimbob79

673 posts

Ultimate Geek


  #1947848 28-Jan-2018 14:46

Lias:

marpada:

Google 'managed PKI'. Probably outrageously expensive though.

We looked at that at my last job, got two quotes, both were well into 6 figures.. strangely enough that went nowhere lol.

Eek!




ANglEAUT
1941 posts

Uber Geek

Trusted
Lifetime subscriber

  #1947945 28-Jan-2018 21:06

jimbob79: I guess this is where I'm getting confused. I have not found one CA that will issue Client Certificates/Mutual Certificates/M2M/X.509. Have found lots of instructions about creating the Self-assign certs but they just say "Get this assigned by a trusted CA", but how?

  1. Install your own CA (certificate authority)
  2. Create a CSR (certificate signing request) on your CA and submit to your favourite Third party CA. They will have instructions available for your platform.
  3. Follow these instructions to create a code signing template: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md
  4. Issue code signing template and verify the previous step worked.
  5. Modify / create new template matching your requirements.
  6. Profit




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

