Need Suggestions on web server security using SSL.
From: Ken Varn (nospam)
Date: 09/24/04
- Next message: kevin: "Re: Using DUA"
- Previous message: Doug Hoeffel: "Re: Using DUA"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 24 Sep 2004 14:23:13 -0400
We are in the process of building a spec. for a network based embedded
device that uses remote web browser configuring. The user will basically
have a logon and password that can be used to access the device. There
could be multiple devices on the network. The customer basically will set
the workstation ID and IP address locally on the device.
We are considering using SSL to protect the logon identity of the user that
accesses our device through Internet Explorer, however, we are limited in
our knowledge of using SSL. One of the bottlenecks that we are trying to
figure out is that an SSL certificate is bound by the ID of the box. If the
user is in control of changing the ID, we need to be able to generate a
certificate that matches that box on the fly. Is there such a mechanism for
doing this or should be looking at a different solution?
The whole SSL thing seems to be tailored around one or more centralized web
servers. Our customers may install hundreds of our devices on their
network. We want to insure the security of the logons to these devices, but
still somehow be able to manage the certificates automatically if the device
ID changes. The use of a trusted authority for generation of the
certificate does not sound like a viable option, we would generate the
certificate ourselves.
Can someone give me information on where I can find out how to incorporate a
solution to using web browser encryption in embedded devices?
- Next message: kevin: "Re: Using DUA"
- Previous message: Doug Hoeffel: "Re: Using DUA"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
