Presentation is loading. Please wait.

Presentation is loading. Please wait.

TAGPMA Twiki ESnet Web hosting environment Certificate based authentication Enrollment Automation Problems&/Solutions Suggestions&/Contribution.

Published byAsher Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "TAGPMA Twiki ESnet Web hosting environment Certificate based authentication Enrollment Automation Problems&/Solutions Suggestions&/Contribution."— Presentation transcript:

1 TAGPMA Twiki http://tagpma.es.net

2 ESnet Web hosting environment Certificate based authentication Enrollment Automation Problems&/Solutions Suggestions&/Contribution -----End Certificate Request----- Agenda

3 Virtual Web Server ESnet is been using TWiki for its own business internal/external ESnet uses a specific version of Twiki & default template they use to host any new TWiki TAGPMA is one of them Security – Machine, OS, Patches

4 Certificate Based Authentication Check in and Check out caused problem by enabling Certificate based authentication Modified the check-in and check-out module to replace the “space“ to “_”; which worked So the long modified subject DN in LDAP order showed up on all the pages –We wanted to reverse the order –Cut all the components except the CN –Wanted to derive the WikiName from the SubjectDN to avoid wikiname errors

5 Certificate Based Authentication Apache Config Mostly httpd-ssl.conf file SSLOptions +OptRenegotiate TWiki Modules: ~/lib/TWiki.pm ~/data/TWiki/TWikiRegistration.txt

6 Registration Automation Pre-Registration & TWiki Registration: We couldn’t extract the SubjectDN, if we simply accept the the certificate based on the trust root Certificate Authorities We need to have a.htpasswd at apache level to extract the SubjectDN at Twiki level Initially we had a separate web server just to do the SSL Client authentication to generate the.htpasswd file (Pre-Registration) Continued…

7 Registration Automation Then we were able to extract the SubjectDN and pre-fill the Twiki registration Then we combined the Pre-Registration with the Twiki Registration

8 Problems&/Solutions Pre-registration and Twiki registration is not stable because Pre-Registration is supposed to be open to all but the Twiki registration is restricted to only those finished the Pre-Registration The trust anchors created few problems –The error messages weren’t useful for the registrants; but were able to draw

9 Suggestions&/Solutions -----Begin Certificate----- -----End Certificate-----

Download ppt "TAGPMA Twiki ESnet Web hosting environment Certificate based authentication Enrollment Automation Problems&/Solutions Suggestions&/Contribution."

Similar presentations

Pakiti.

Pakiti.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
What to expect.  Linux  Windows Server (2008 or 2012)

What to expect.  Linux  Windows Server (2008 or 2012)
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
TAGPMA Twiki &

TAGPMA Twiki &
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.

Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.

Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.
Disaster Relief by the Pound CS5260 Semester Project University of Colorado at Colorado Springs By Robin Kimzey and Cliff McCullough 02 May 2011.

Disaster Relief by the Pound CS5260 Semester Project University of Colorado at Colorado Springs By Robin Kimzey and Cliff McCullough 02 May 2011.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
SSL Man in the Middle Proxy Srinivas Inguva Dan Boneh Ian Baker Stanford University.

SSL Man in the Middle Proxy Srinivas Inguva Dan Boneh Ian Baker Stanford University.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Similar presentations

Ads by Google