Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Getting information from a client certificate using PD

16 posts in General Discussion (old) Last posting was on 2000-02-23 12:34:51.0Z
Arjen Hup Posted on 2000-02-17 15:46:27.0Z
Newsgroups: sybase.public.easerver
Date: Thu, 17 Feb 2000 16:46:27 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 21
NNTP-Posting-Host: 158.76.4.50
Message-ID: <347_38AC17D3.5F8397EF@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28509
Article PK: 160659

I am working with the following tools:
-Transaction server: Jaguar 3.01
-Application Server: PowerDynamo 3.01
-Web server: IIS 4.0

We are using a server certificate on the web server and client
certificates on the browser for authentication.
To find out which client is doing a request, we need some information
from the client certificate. That's our problem !!!
We cannot get information from the client certificate using PowerDynamo.

Is there a possibility that Powerdynamo can get information from the
client certificate.

Using VBSCRIPT it is possible to get info from the client certificate;
VBSCRIPT has an object called Request and that object which has a
feature called ClientCertificate
Is there someting similar in Powerdynamo that we can use ???

Thanks in advance,

Greetings Arjen Hup


Dave Wolf [Sybase] Posted on 2000-02-17 16:25:47.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Thu, 17 Feb 2000 11:25:47 -0500
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: dwolf-nt.sybase.com 157.133.41.127
Message-ID: <347_imF#kQWe$GA.184@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28505
Article PK: 160657

PowerDynamo does not have this functionality. What you could do though is
use a JavaServlet in Jaguar to get the info. Just redirect them to Jaguar
once, let Jag pull the certificate info, then you could have Dynamo get it
from Jaguar.

Dave Wolf
Internet Applications Division

Arjen Hup <ahup@sybase.com> wrote in message
news:38AC17D3.5F8397EF@sybase.com...
> I am working with the following tools:
> -Transaction server: Jaguar 3.01
> -Application Server: PowerDynamo 3.01
> -Web server: IIS 4.0
>
> We are using a server certificate on the web server and client
> certificates on the browser for authentication.
> To find out which client is doing a request, we need some information
> from the client certificate. That's our problem !!!
> We cannot get information from the client certificate using PowerDynamo.
>
> Is there a possibility that Powerdynamo can get information from the
> client certificate.
>
> Using VBSCRIPT it is possible to get info from the client certificate;
> VBSCRIPT has an object called Request and that object which has a
> feature called ClientCertificate
> Is there someting similar in Powerdynamo that we can use ???
>
> Thanks in advance,
>
> Greetings Arjen Hup
>
>
>


Arjen Hup Posted on 2000-02-17 19:40:20.0Z
Newsgroups: sybase.public.easerver
Date: Thu, 17 Feb 2000 20:40:20 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 47
NNTP-Posting-Host: 158.76.4.50
Message-ID: <347_38AC4EA3.696C11C0@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28463
Article PK: 160621

Thanks for your fast response but how do I force Jaguar to pull the
certificate info.
If an https listener is specified with a security protocol with;
- the security characteristic: "sybpks_intl_mutual_auth"
- a certificate label: a user certificate
Does this mean that the https listener can only be used by the user with the
certificate
specified at the certificate label ?
If yes, this won't work
If no, how should I specify the security protocol of https listener.

Greetings,

Arjen Hup

"Dave Wolf [Sybase]" wrote:

> PowerDynamo does not have this functionality. What you could do though is
> use a JavaServlet in Jaguar to get the info. Just redirect them to Jaguar
> once, let Jag pull the certificate info, then you could have Dynamo get it
> from Jaguar.
>
> Dave Wolf
> Internet Applications Division
>
> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AC17D3.5F8397EF@sybase.com...
> > I am working with the following tools:
> > -Transaction server: Jaguar 3.01
> > -Application Server: PowerDynamo 3.01
> > -Web server: IIS 4.0
> >
> > We are using a server certificate on the web server and client
> > certificates on the browser for authentication.
> > To find out which client is doing a request, we need some information
> > from the client certificate. That's our problem !!!
> > We cannot get information from the client certificate using PowerDynamo.
> >
> > Is there a possibility that Powerdynamo can get information from the
> > client certificate.
> >
> > Using VBSCRIPT it is possible to get info from the client certificate;
> > VBSCRIPT has an object called Request and that object which has a
> > feature called ClientCertificate
> > Is there someting similar in Powerdynamo that we can use ???
> >
> > Thanks in advance,
> >
> > Greetings Arjen Hup
> >
> >
> >


Dave Wolf [Sybase] Posted on 2000-02-18 02:55:52.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Thu, 17 Feb 2000 21:55:52 -0500
Lines: 77
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.32
Message-ID: <347_ZqEQrwbe$GA.204@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28418
Article PK: 154666


Arjen Hup <ahup@sybase.com> wrote in message
news:38AC4EA3.696C11C0@sybase.com...
> Thanks for your fast response but how do I force Jaguar to pull the
> certificate info.
> If an https listener is specified with a security protocol with;
> - the security characteristic: "sybpks_intl_mutual_auth"
> - a certificate label: a user certificate
> Does this mean that the https listener can only be used by the user with
the
> certificate
> specified at the certificate label ?

No. The certificate used in the Security profile is the certificate used by
the server to build the SSL channel. You would go to verisign to get a
server certicicate, install it, and specify it in the security profile.

> If yes, this won't work
> If no, how should I specify the security protocol of https listener.

Right now, for an example, just use the sample for the server side in the
security profile. You can use any X.509 id for the browser side. The QOP
of sybpks_intl_mutual_auth tells the server to do both server and client
certificate authentication.

Dave Wolf
Internet Applications Division

>
> Greetings,
>
> Arjen Hup
>
> "Dave Wolf [Sybase]" wrote:
>
> > PowerDynamo does not have this functionality. What you could do though
is
> > use a JavaServlet in Jaguar to get the info. Just redirect them to
Jaguar
> > once, let Jag pull the certificate info, then you could have Dynamo get
it
> > from Jaguar.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Arjen Hup <ahup@sybase.com> wrote in message
> > news:38AC17D3.5F8397EF@sybase.com...
> > > I am working with the following tools:
> > > -Transaction server: Jaguar 3.01
> > > -Application Server: PowerDynamo 3.01
> > > -Web server: IIS 4.0
> > >
> > > We are using a server certificate on the web server and client
> > > certificates on the browser for authentication.
> > > To find out which client is doing a request, we need some information
> > > from the client certificate. That's our problem !!!
> > > We cannot get information from the client certificate using
PowerDynamo.
> > >
> > > Is there a possibility that Powerdynamo can get information from the
> > > client certificate.
> > >
> > > Using VBSCRIPT it is possible to get info from the client certificate;
> > > VBSCRIPT has an object called Request and that object which has a
> > > feature called ClientCertificate
> > > Is there someting similar in Powerdynamo that we can use ???
> > >
> > > Thanks in advance,
> > >
> > > Greetings Arjen Hup
> > >
> > >
> > >
>


Arjen Hup Posted on 2000-02-18 11:16:21.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 12:16:21 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 95
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD2A05.53DB34F8@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28407
Article PK: 160429

Hi Dave here I am again,

>The certificate used in the Security profile is the certificate used by
>the server to build the SSL channel. You would go to verisign to get a
>server certicicate, install it, and specify it in the security profile.

Okay, this sounds more logical than defining a user certificate in the Security
Profile.
But the Security Profile user interface contains a dropdown from which one can
select
a certificate label. But this dropdown contains only the certificates that are
installed in the
User Certificates folder of the Security Manager.

At our project we are using Baltimore certificates. When I install the server
certificate it is installed
in the folder Other Certificates. Is it possible that I can select these
certificates from the 'certificate label' dropdown ?
If not, how is it possible to get a server certificate, that is installed in the
folder 'Other Certificates', into the USer Certificates folder.

Thanks in advance,

Arjen Hup


"Dave Wolf [Sybase]" wrote:

> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AC4EA3.696C11C0@sybase.com...
> > Thanks for your fast response but how do I force Jaguar to pull the
> > certificate info.
> > If an https listener is specified with a security protocol with;
> > - the security characteristic: "sybpks_intl_mutual_auth"
> > - a certificate label: a user certificate
> > Does this mean that the https listener can only be used by the user with
> the
> > certificate
> > specified at the certificate label ?
>
> No. The certificate used in the Security profile is the certificate used by
> the server to build the SSL channel. You would go to verisign to get a
> server certicicate, install it, and specify it in the security profile.
>
> > If yes, this won't work
> > If no, how should I specify the security protocol of https listener.
>
> Right now, for an example, just use the sample for the server side in the
> security profile. You can use any X.509 id for the browser side. The QOP
> of sybpks_intl_mutual_auth tells the server to do both server and client
> certificate authentication.
>
> Dave Wolf
> Internet Applications Division
>
> >
> > Greetings,
> >
> > Arjen Hup
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > PowerDynamo does not have this functionality. What you could do though
> is
> > > use a JavaServlet in Jaguar to get the info. Just redirect them to
> Jaguar
> > > once, let Jag pull the certificate info, then you could have Dynamo get
> it
> > > from Jaguar.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AC17D3.5F8397EF@sybase.com...
> > > > I am working with the following tools:
> > > > -Transaction server: Jaguar 3.01
> > > > -Application Server: PowerDynamo 3.01
> > > > -Web server: IIS 4.0
> > > >
> > > > We are using a server certificate on the web server and client
> > > > certificates on the browser for authentication.
> > > > To find out which client is doing a request, we need some information
> > > > from the client certificate. That's our problem !!!
> > > > We cannot get information from the client certificate using
> PowerDynamo.
> > > >
> > > > Is there a possibility that Powerdynamo can get information from the
> > > > client certificate.
> > > >
> > > > Using VBSCRIPT it is possible to get info from the client certificate;
> > > > VBSCRIPT has an object called Request and that object which has a
> > > > feature called ClientCertificate
> > > > Is there someting similar in Powerdynamo that we can use ???
> > > >
> > > > Thanks in advance,
> > > >
> > > > Greetings Arjen Hup
> > > >
> > > >
> > > >
> >


Arjen Hup Posted on 2000-02-18 11:15:39.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 12:15:39 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 95
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD29DB.2E8890EF@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28408
Article PK: 160430

Hi Dave here I am again,

>The certificate used in the Security profile is the certificate used by
>the server to build the SSL channel. You would go to verisign to get a
>server certicicate, install it, and specify it in the security profile.

Okay, this sounds more logical than defining a user certificate in the Security
Profile.
But the Security Profile user interface contains a dropdown from which one can
select
a certificate label. But this dropdown contains only the certificates that are
installed in the
User Certificates folder of the Security Manager.

At our project we are using Baltimore certificates. When I install the server
certificate it is installed
in the folder Other Certificates. Is it possible that I can select these
certificates from the 'certificate label' dropdown ?
If not, how is it possible to get a server certificate, that is installed in the
folder 'Other Certificates', into the USer Certificates folder.

Thanks in advance,

Arjen Hup


"Dave Wolf [Sybase]" wrote:

> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AC4EA3.696C11C0@sybase.com...
> > Thanks for your fast response but how do I force Jaguar to pull the
> > certificate info.
> > If an https listener is specified with a security protocol with;
> > - the security characteristic: "sybpks_intl_mutual_auth"
> > - a certificate label: a user certificate
> > Does this mean that the https listener can only be used by the user with
> the
> > certificate
> > specified at the certificate label ?
>
> No. The certificate used in the Security profile is the certificate used by
> the server to build the SSL channel. You would go to verisign to get a
> server certicicate, install it, and specify it in the security profile.
>
> > If yes, this won't work
> > If no, how should I specify the security protocol of https listener.
>
> Right now, for an example, just use the sample for the server side in the
> security profile. You can use any X.509 id for the browser side. The QOP
> of sybpks_intl_mutual_auth tells the server to do both server and client
> certificate authentication.
>
> Dave Wolf
> Internet Applications Division
>
> >
> > Greetings,
> >
> > Arjen Hup
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > PowerDynamo does not have this functionality. What you could do though
> is
> > > use a JavaServlet in Jaguar to get the info. Just redirect them to
> Jaguar
> > > once, let Jag pull the certificate info, then you could have Dynamo get
> it
> > > from Jaguar.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AC17D3.5F8397EF@sybase.com...
> > > > I am working with the following tools:
> > > > -Transaction server: Jaguar 3.01
> > > > -Application Server: PowerDynamo 3.01
> > > > -Web server: IIS 4.0
> > > >
> > > > We are using a server certificate on the web server and client
> > > > certificates on the browser for authentication.
> > > > To find out which client is doing a request, we need some information
> > > > from the client certificate. That's our problem !!!
> > > > We cannot get information from the client certificate using
> PowerDynamo.
> > > >
> > > > Is there a possibility that Powerdynamo can get information from the
> > > > client certificate.
> > > >
> > > > Using VBSCRIPT it is possible to get info from the client certificate;
> > > > VBSCRIPT has an object called Request and that object which has a
> > > > feature called ClientCertificate
> > > > Is there someting similar in Powerdynamo that we can use ???
> > > >
> > > > Thanks in advance,
> > > >
> > > > Greetings Arjen Hup
> > > >
> > > >
> > > >
> >


Arjen Hup Posted on 2000-02-18 11:14:30.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 12:14:30 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 95
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD2996.FB458DB5@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28409
Article PK: 160431

Hi Dave here I am again,

>The certificate used in the Security profile is the certificate used by
>the server to build the SSL channel. You would go to verisign to get a
>server certicicate, install it, and specify it in the security profile.

Okay, this sounds more logical than defining a user certificate in the Security
Profile.
But the Security Profile user interface contains a dropdown from which one can
select
a certificate label. But this dropdown contains only the certificates that are
installed in the
User Certificates folder of the Security Manager.

At our project we are using Baltimore certificates. When I install the server
certificate it is installed
in the folder Other Certificates. Is it possible that I can select these
certificates from the 'certificate label' dropdown ?
If not, how is it possible to get a server certificate, that is installed in the
folder 'Other Certificates', into the USer Certificates folder.

Thanks in advance,

Arjen Hup


"Dave Wolf [Sybase]" wrote:

> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AC4EA3.696C11C0@sybase.com...
> > Thanks for your fast response but how do I force Jaguar to pull the
> > certificate info.
> > If an https listener is specified with a security protocol with;
> > - the security characteristic: "sybpks_intl_mutual_auth"
> > - a certificate label: a user certificate
> > Does this mean that the https listener can only be used by the user with
> the
> > certificate
> > specified at the certificate label ?
>
> No. The certificate used in the Security profile is the certificate used by
> the server to build the SSL channel. You would go to verisign to get a
> server certicicate, install it, and specify it in the security profile.
>
> > If yes, this won't work
> > If no, how should I specify the security protocol of https listener.
>
> Right now, for an example, just use the sample for the server side in the
> security profile. You can use any X.509 id for the browser side. The QOP
> of sybpks_intl_mutual_auth tells the server to do both server and client
> certificate authentication.
>
> Dave Wolf
> Internet Applications Division
>
> >
> > Greetings,
> >
> > Arjen Hup
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > PowerDynamo does not have this functionality. What you could do though
> is
> > > use a JavaServlet in Jaguar to get the info. Just redirect them to
> Jaguar
> > > once, let Jag pull the certificate info, then you could have Dynamo get
> it
> > > from Jaguar.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AC17D3.5F8397EF@sybase.com...
> > > > I am working with the following tools:
> > > > -Transaction server: Jaguar 3.01
> > > > -Application Server: PowerDynamo 3.01
> > > > -Web server: IIS 4.0
> > > >
> > > > We are using a server certificate on the web server and client
> > > > certificates on the browser for authentication.
> > > > To find out which client is doing a request, we need some information
> > > > from the client certificate. That's our problem !!!
> > > > We cannot get information from the client certificate using
> PowerDynamo.
> > > >
> > > > Is there a possibility that Powerdynamo can get information from the
> > > > client certificate.
> > > >
> > > > Using VBSCRIPT it is possible to get info from the client certificate;
> > > > VBSCRIPT has an object called Request and that object which has a
> > > > feature called ClientCertificate
> > > > Is there someting similar in Powerdynamo that we can use ???
> > > >
> > > > Thanks in advance,
> > > >
> > > > Greetings Arjen Hup
> > > >
> > > >
> > > >
> >


Dave Wolf [Sybase] Posted on 2000-02-18 13:23:18.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Fri, 18 Feb 2000 08:23:18 -0500
Lines: 129
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.28
Message-ID: <347_YJa7SPhe$GA.324@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28404
Article PK: 160426

If it went into "Other Certificates" it is because it only had a public key
and no corresponding private key. Can you export the certificates in PKCS12
format so the private and public keys are present? The server needs the
private key to use it for SSL.

Dave Wolf
Internet Applications Division

Arjen Hup <ahup@sybase.com> wrote in message
news:38AD2996.FB458DB5@sybase.com...
> Hi Dave here I am again,
>
> >The certificate used in the Security profile is the certificate used by
> >the server to build the SSL channel. You would go to verisign to get a
> >server certicicate, install it, and specify it in the security profile.
>
> Okay, this sounds more logical than defining a user certificate in the
Security
> Profile.
> But the Security Profile user interface contains a dropdown from which one
can
> select
> a certificate label. But this dropdown contains only the certificates that
are
> installed in the
> User Certificates folder of the Security Manager.
>
> At our project we are using Baltimore certificates. When I install the
server
> certificate it is installed
> in the folder Other Certificates. Is it possible that I can select these
> certificates from the 'certificate label' dropdown ?
> If not, how is it possible to get a server certificate, that is installed
in the
> folder 'Other Certificates', into the USer Certificates folder.
>
> Thanks in advance,
>
> Arjen Hup
>
>
> "Dave Wolf [Sybase]" wrote:
>
> > Arjen Hup <ahup@sybase.com> wrote in message
> > news:38AC4EA3.696C11C0@sybase.com...
> > > Thanks for your fast response but how do I force Jaguar to pull the
> > > certificate info.
> > > If an https listener is specified with a security protocol with;
> > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > - a certificate label: a user certificate
> > > Does this mean that the https listener can only be used by the user
with
> > the
> > > certificate
> > > specified at the certificate label ?
> >
> > No. The certificate used in the Security profile is the certificate
used by
> > the server to build the SSL channel. You would go to verisign to get a
> > server certicicate, install it, and specify it in the security profile.
> >
> > > If yes, this won't work
> > > If no, how should I specify the security protocol of https listener.
> >
> > Right now, for an example, just use the sample for the server side in
the
> > security profile. You can use any X.509 id for the browser side. The
QOP
> > of sybpks_intl_mutual_auth tells the server to do both server and client
> > certificate authentication.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > >
> > > Greetings,
> > >
> > > Arjen Hup
> > >
> > > "Dave Wolf [Sybase]" wrote:
> > >
> > > > PowerDynamo does not have this functionality. What you could do
though
> > is
> > > > use a JavaServlet in Jaguar to get the info. Just redirect them to
> > Jaguar
> > > > once, let Jag pull the certificate info, then you could have Dynamo
get
> > it
> > > > from Jaguar.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > I am working with the following tools:
> > > > > -Transaction server: Jaguar 3.01
> > > > > -Application Server: PowerDynamo 3.01
> > > > > -Web server: IIS 4.0
> > > > >
> > > > > We are using a server certificate on the web server and client
> > > > > certificates on the browser for authentication.
> > > > > To find out which client is doing a request, we need some
information
> > > > > from the client certificate. That's our problem !!!
> > > > > We cannot get information from the client certificate using
> > PowerDynamo.
> > > > >
> > > > > Is there a possibility that Powerdynamo can get information from
the
> > > > > client certificate.
> > > > >
> > > > > Using VBSCRIPT it is possible to get info from the client
certificate;
> > > > > VBSCRIPT has an object called Request and that object which has a
> > > > > feature called ClientCertificate
> > > > > Is there someting similar in Powerdynamo that we can use ???
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > Greetings Arjen Hup
> > > > >
> > > > >
> > > > >
> > >
>


Arjen Hup Posted on 2000-02-18 14:39:30.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 15:39:30 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 126
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD59A1.6019188F@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28395
Article PK: 160419

Hi Dave,
You're right, the certificate is not in a pkcs12 format. We've already asked
Baltimore for
a new server certificate. But another question came into my mind:
Once, we have the client certificate and put all the info from that certificate
into a jaguar component or a string, how does Dynamo get it from Jaguar ???

Thanks,

Arjen Hup

"Dave Wolf [Sybase]" wrote:

> If it went into "Other Certificates" it is because it only had a public key
> and no corresponding private key. Can you export the certificates in PKCS12
> format so the private and public keys are present? The server needs the
> private key to use it for SSL.
>
> Dave Wolf
> Internet Applications Division
>
> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AD2996.FB458DB5@sybase.com...
> > Hi Dave here I am again,
> >
> > >The certificate used in the Security profile is the certificate used by
> > >the server to build the SSL channel. You would go to verisign to get a
> > >server certicicate, install it, and specify it in the security profile.
> >
> > Okay, this sounds more logical than defining a user certificate in the
> Security
> > Profile.
> > But the Security Profile user interface contains a dropdown from which one
> can
> > select
> > a certificate label. But this dropdown contains only the certificates that
> are
> > installed in the
> > User Certificates folder of the Security Manager.
> >
> > At our project we are using Baltimore certificates. When I install the
> server
> > certificate it is installed
> > in the folder Other Certificates. Is it possible that I can select these
> > certificates from the 'certificate label' dropdown ?
> > If not, how is it possible to get a server certificate, that is installed
> in the
> > folder 'Other Certificates', into the USer Certificates folder.
> >
> > Thanks in advance,
> >
> > Arjen Hup
> >
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AC4EA3.696C11C0@sybase.com...
> > > > Thanks for your fast response but how do I force Jaguar to pull the
> > > > certificate info.
> > > > If an https listener is specified with a security protocol with;
> > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > - a certificate label: a user certificate
> > > > Does this mean that the https listener can only be used by the user
> with
> > > the
> > > > certificate
> > > > specified at the certificate label ?
> > >
> > > No. The certificate used in the Security profile is the certificate
> used by
> > > the server to build the SSL channel. You would go to verisign to get a
> > > server certicicate, install it, and specify it in the security profile.
> > >
> > > > If yes, this won't work
> > > > If no, how should I specify the security protocol of https listener.
> > >
> > > Right now, for an example, just use the sample for the server side in
> the
> > > security profile. You can use any X.509 id for the browser side. The
> QOP
> > > of sybpks_intl_mutual_auth tells the server to do both server and client
> > > certificate authentication.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > >
> > > > Greetings,
> > > >
> > > > Arjen Hup
> > > >
> > > > "Dave Wolf [Sybase]" wrote:
> > > >
> > > > > PowerDynamo does not have this functionality. What you could do
> though
> > > is
> > > > > use a JavaServlet in Jaguar to get the info. Just redirect them to
> > > Jaguar
> > > > > once, let Jag pull the certificate info, then you could have Dynamo
> get
> > > it
> > > > > from Jaguar.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > I am working with the following tools:
> > > > > > -Transaction server: Jaguar 3.01
> > > > > > -Application Server: PowerDynamo 3.01
> > > > > > -Web server: IIS 4.0
> > > > > >
> > > > > > We are using a server certificate on the web server and client
> > > > > > certificates on the browser for authentication.
> > > > > > To find out which client is doing a request, we need some
> information
> > > > > > from the client certificate. That's our problem !!!
> > > > > > We cannot get information from the client certificate using
> > > PowerDynamo.
> > > > > >
> > > > > > Is there a possibility that Powerdynamo can get information from
> the
> > > > > > client certificate.
> > > > > >
> > > > > > Using VBSCRIPT it is possible to get info from the client
> certificate;
> > > > > > VBSCRIPT has an object called Request and that object which has a
> > > > > > feature called ClientCertificate
> > > > > > Is there someting similar in Powerdynamo that we can use ???
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > Greetings Arjen Hup
> > > > > >
> > > > > >
> > > > > >
> > > >
> >


Dave Wolf [Sybase] Posted on 2000-02-18 14:50:03.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Fri, 18 Feb 2000 09:50:03 -0500
Lines: 185
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.28
Message-ID: <347_HGjgx$he$GA.184@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28389
Article PK: 160412

OK here's my idea. You send them to a Java servlet which extracts info off
the certificate you need, like DN, etc. Now the servlet pulls this info
off, and does a redirect to a Dynamo script passing the info in fields, so

// Servlet Java code

response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....

See, now in Dynamo you grab the variables and slap them into session
variables.

Make sense?

Dave Wolf
Internet Applications Division

Arjen Hup <ahup@sybase.com> wrote in message
news:38AD59A1.6019188F@sybase.com...
> Hi Dave,
> You're right, the certificate is not in a pkcs12 format. We've already
asked
> Baltimore for
> a new server certificate. But another question came into my mind:
> Once, we have the client certificate and put all the info from that
certificate
> into a jaguar component or a string, how does Dynamo get it from Jaguar
???
>
> Thanks,
>
> Arjen Hup
>
> "Dave Wolf [Sybase]" wrote:
>
> > If it went into "Other Certificates" it is because it only had a public
key
> > and no corresponding private key. Can you export the certificates in
PKCS12
> > format so the private and public keys are present? The server needs the
> > private key to use it for SSL.
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Arjen Hup <ahup@sybase.com> wrote in message
> > news:38AD2996.FB458DB5@sybase.com...
> > > Hi Dave here I am again,
> > >
> > > >The certificate used in the Security profile is the certificate used
by
> > > >the server to build the SSL channel. You would go to verisign to get
a
> > > >server certicicate, install it, and specify it in the security
profile.
> > >
> > > Okay, this sounds more logical than defining a user certificate in the
> > Security
> > > Profile.
> > > But the Security Profile user interface contains a dropdown from which
one
> > can
> > > select
> > > a certificate label. But this dropdown contains only the certificates
that
> > are
> > > installed in the
> > > User Certificates folder of the Security Manager.
> > >
> > > At our project we are using Baltimore certificates. When I install the
> > server
> > > certificate it is installed
> > > in the folder Other Certificates. Is it possible that I can select
these
> > > certificates from the 'certificate label' dropdown ?
> > > If not, how is it possible to get a server certificate, that is
installed
> > in the
> > > folder 'Other Certificates', into the USer Certificates folder.
> > >
> > > Thanks in advance,
> > >
> > > Arjen Hup
> > >
> > >
> > > "Dave Wolf [Sybase]" wrote:
> > >
> > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > Thanks for your fast response but how do I force Jaguar to pull
the
> > > > > certificate info.
> > > > > If an https listener is specified with a security protocol with;
> > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > - a certificate label: a user certificate
> > > > > Does this mean that the https listener can only be used by the
user
> > with
> > > > the
> > > > > certificate
> > > > > specified at the certificate label ?
> > > >
> > > > No. The certificate used in the Security profile is the certificate
> > used by
> > > > the server to build the SSL channel. You would go to verisign to
get a
> > > > server certicicate, install it, and specify it in the security
profile.
> > > >
> > > > > If yes, this won't work
> > > > > If no, how should I specify the security protocol of https
listener.
> > > >
> > > > Right now, for an example, just use the sample for the server side
in
> > the
> > > > security profile. You can use any X.509 id for the browser side.
The
> > QOP
> > > > of sybpks_intl_mutual_auth tells the server to do both server and
client
> > > > certificate authentication.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > >
> > > > > Greetings,
> > > > >
> > > > > Arjen Hup
> > > > >
> > > > > "Dave Wolf [Sybase]" wrote:
> > > > >
> > > > > > PowerDynamo does not have this functionality. What you could do
> > though
> > > > is
> > > > > > use a JavaServlet in Jaguar to get the info. Just redirect them
to
> > > > Jaguar
> > > > > > once, let Jag pull the certificate info, then you could have
Dynamo
> > get
> > > > it
> > > > > > from Jaguar.
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > I am working with the following tools:
> > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > -Web server: IIS 4.0
> > > > > > >
> > > > > > > We are using a server certificate on the web server and client
> > > > > > > certificates on the browser for authentication.
> > > > > > > To find out which client is doing a request, we need some
> > information
> > > > > > > from the client certificate. That's our problem !!!
> > > > > > > We cannot get information from the client certificate using
> > > > PowerDynamo.
> > > > > > >
> > > > > > > Is there a possibility that Powerdynamo can get information
from
> > the
> > > > > > > client certificate.
> > > > > > >
> > > > > > > Using VBSCRIPT it is possible to get info from the client
> > certificate;
> > > > > > > VBSCRIPT has an object called Request and that object which
has a
> > > > > > > feature called ClientCertificate
> > > > > > > Is there someting similar in Powerdynamo that we can use ???
> > > > > > >
> > > > > > > Thanks in advance,
> > > > > > >
> > > > > > > Greetings Arjen Hup
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > >
>


Arjen Hup Posted on 2000-02-18 15:25:55.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 16:25:55 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 160
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD6482.67D2CA10@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28380
Article PK: 154661

Ok, this looks great !
But what about security?
Are the info variables encrypted and then sent to the client ???

Thanks,
Arjen Hup

"Dave Wolf [Sybase]" wrote:

> OK here's my idea. You send them to a Java servlet which extracts info off
> the certificate you need, like DN, etc. Now the servlet pulls this info
> off, and does a redirect to a Dynamo script passing the info in fields, so
>
> // Servlet Java code
>
> response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
>
> See, now in Dynamo you grab the variables and slap them into session
> variables.
>
> Make sense?
>
> Dave Wolf
> Internet Applications Division
>
> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AD59A1.6019188F@sybase.com...
> > Hi Dave,
> > You're right, the certificate is not in a pkcs12 format. We've already
> asked
> > Baltimore for
> > a new server certificate. But another question came into my mind:
> > Once, we have the client certificate and put all the info from that
> certificate
> > into a jaguar component or a string, how does Dynamo get it from Jaguar
> ???
> >
> > Thanks,
> >
> > Arjen Hup
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > If it went into "Other Certificates" it is because it only had a public
> key
> > > and no corresponding private key. Can you export the certificates in
> PKCS12
> > > format so the private and public keys are present? The server needs the
> > > private key to use it for SSL.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AD2996.FB458DB5@sybase.com...
> > > > Hi Dave here I am again,
> > > >
> > > > >The certificate used in the Security profile is the certificate used
> by
> > > > >the server to build the SSL channel. You would go to verisign to get
> a
> > > > >server certicicate, install it, and specify it in the security
> profile.
> > > >
> > > > Okay, this sounds more logical than defining a user certificate in the
> > > Security
> > > > Profile.
> > > > But the Security Profile user interface contains a dropdown from which
> one
> > > can
> > > > select
> > > > a certificate label. But this dropdown contains only the certificates
> that
> > > are
> > > > installed in the
> > > > User Certificates folder of the Security Manager.
> > > >
> > > > At our project we are using Baltimore certificates. When I install the
> > > server
> > > > certificate it is installed
> > > > in the folder Other Certificates. Is it possible that I can select
> these
> > > > certificates from the 'certificate label' dropdown ?
> > > > If not, how is it possible to get a server certificate, that is
> installed
> > > in the
> > > > folder 'Other Certificates', into the USer Certificates folder.
> > > >
> > > > Thanks in advance,
> > > >
> > > > Arjen Hup
> > > >
> > > >
> > > > "Dave Wolf [Sybase]" wrote:
> > > >
> > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > Thanks for your fast response but how do I force Jaguar to pull
> the
> > > > > > certificate info.
> > > > > > If an https listener is specified with a security protocol with;
> > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > - a certificate label: a user certificate
> > > > > > Does this mean that the https listener can only be used by the
> user
> > > with
> > > > > the
> > > > > > certificate
> > > > > > specified at the certificate label ?
> > > > >
> > > > > No. The certificate used in the Security profile is the certificate
> > > used by
> > > > > the server to build the SSL channel. You would go to verisign to
> get a
> > > > > server certicicate, install it, and specify it in the security
> profile.
> > > > >
> > > > > > If yes, this won't work
> > > > > > If no, how should I specify the security protocol of https
> listener.
> > > > >
> > > > > Right now, for an example, just use the sample for the server side
> in
> > > the
> > > > > security profile. You can use any X.509 id for the browser side.
> The
> > > QOP
> > > > > of sybpks_intl_mutual_auth tells the server to do both server and
> client
> > > > > certificate authentication.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > >
> > > > > > Greetings,
> > > > > >
> > > > > > Arjen Hup
> > > > > >
> > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > >
> > > > > > > PowerDynamo does not have this functionality. What you could do
> > > though
> > > > > is
> > > > > > > use a JavaServlet in Jaguar to get the info. Just redirect them
> to
> > > > > Jaguar
> > > > > > > once, let Jag pull the certificate info, then you could have
> Dynamo
> > > get
> > > > > it
> > > > > > > from Jaguar.
> > > > > > >
> > > > > > > Dave Wolf
> > > > > > > Internet Applications Division
> > > > > > >
> > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > I am working with the following tools:
> > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > -Web server: IIS 4.0
> > > > > > > >
> > > > > > > > We are using a server certificate on the web server and client
> > > > > > > > certificates on the browser for authentication.
> > > > > > > > To find out which client is doing a request, we need some
> > > information
> > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > We cannot get information from the client certificate using
> > > > > PowerDynamo.
> > > > > > > >
> > > > > > > > Is there a possibility that Powerdynamo can get information
> from
> > > the
> > > > > > > > client certificate.
> > > > > > > >
> > > > > > > > Using VBSCRIPT it is possible to get info from the client
> > > certificate;
> > > > > > > > VBSCRIPT has an object called Request and that object which
> has a
> > > > > > > > feature called ClientCertificate
> > > > > > > > Is there someting similar in Powerdynamo that we can use ???
> > > > > > > >
> > > > > > > > Thanks in advance,
> > > > > > > >
> > > > > > > > Greetings Arjen Hup
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > >
> > > >
> >


Dave Wolf [Sybase] Posted on 2000-02-18 15:32:01.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Fri, 18 Feb 2000 10:32:01 -0500
Lines: 228
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.28
Message-ID: <347_h22tOXie$GA.184@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com> <347_38AD6482.67D2CA10@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28379
Article PK: 160404

Ah yes they would be in the clear, but likely behind a firewall right?

Dave Wolf
Internet Applications Division

Arjen Hup <ahup@sybase.com> wrote in message
news:38AD6482.67D2CA10@sybase.com...
> Ok, this looks great !
> But what about security?
> Are the info variables encrypted and then sent to the client ???
>
> Thanks,
> Arjen Hup
>
> "Dave Wolf [Sybase]" wrote:
>
> > OK here's my idea. You send them to a Java servlet which extracts info
off
> > the certificate you need, like DN, etc. Now the servlet pulls this info
> > off, and does a redirect to a Dynamo script passing the info in fields,
so
> >
> > // Servlet Java code
> >
> > response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
> >
> > See, now in Dynamo you grab the variables and slap them into session
> > variables.
> >
> > Make sense?
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Arjen Hup <ahup@sybase.com> wrote in message
> > news:38AD59A1.6019188F@sybase.com...
> > > Hi Dave,
> > > You're right, the certificate is not in a pkcs12 format. We've already
> > asked
> > > Baltimore for
> > > a new server certificate. But another question came into my mind:
> > > Once, we have the client certificate and put all the info from that
> > certificate
> > > into a jaguar component or a string, how does Dynamo get it from
Jaguar
> > ???
> > >
> > > Thanks,
> > >
> > > Arjen Hup
> > >
> > > "Dave Wolf [Sybase]" wrote:
> > >
> > > > If it went into "Other Certificates" it is because it only had a
public
> > key
> > > > and no corresponding private key. Can you export the certificates
in
> > PKCS12
> > > > format so the private and public keys are present? The server needs
the
> > > > private key to use it for SSL.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > news:38AD2996.FB458DB5@sybase.com...
> > > > > Hi Dave here I am again,
> > > > >
> > > > > >The certificate used in the Security profile is the certificate
used
> > by
> > > > > >the server to build the SSL channel. You would go to verisign to
get
> > a
> > > > > >server certicicate, install it, and specify it in the security
> > profile.
> > > > >
> > > > > Okay, this sounds more logical than defining a user certificate in
the
> > > > Security
> > > > > Profile.
> > > > > But the Security Profile user interface contains a dropdown from
which
> > one
> > > > can
> > > > > select
> > > > > a certificate label. But this dropdown contains only the
certificates
> > that
> > > > are
> > > > > installed in the
> > > > > User Certificates folder of the Security Manager.
> > > > >
> > > > > At our project we are using Baltimore certificates. When I install
the
> > > > server
> > > > > certificate it is installed
> > > > > in the folder Other Certificates. Is it possible that I can select
> > these
> > > > > certificates from the 'certificate label' dropdown ?
> > > > > If not, how is it possible to get a server certificate, that is
> > installed
> > > > in the
> > > > > folder 'Other Certificates', into the USer Certificates folder.
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > Arjen Hup
> > > > >
> > > > >
> > > > > "Dave Wolf [Sybase]" wrote:
> > > > >
> > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > > Thanks for your fast response but how do I force Jaguar to
pull
> > the
> > > > > > > certificate info.
> > > > > > > If an https listener is specified with a security protocol
with;
> > > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > > - a certificate label: a user certificate
> > > > > > > Does this mean that the https listener can only be used by the
> > user
> > > > with
> > > > > > the
> > > > > > > certificate
> > > > > > > specified at the certificate label ?
> > > > > >
> > > > > > No. The certificate used in the Security profile is the
certificate
> > > > used by
> > > > > > the server to build the SSL channel. You would go to verisign
to
> > get a
> > > > > > server certicicate, install it, and specify it in the security
> > profile.
> > > > > >
> > > > > > > If yes, this won't work
> > > > > > > If no, how should I specify the security protocol of https
> > listener.
> > > > > >
> > > > > > Right now, for an example, just use the sample for the server
side
> > in
> > > > the
> > > > > > security profile. You can use any X.509 id for the browser
side.
> > The
> > > > QOP
> > > > > > of sybpks_intl_mutual_auth tells the server to do both server
and
> > client
> > > > > > certificate authentication.
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > >
> > > > > > > Greetings,
> > > > > > >
> > > > > > > Arjen Hup
> > > > > > >
> > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > >
> > > > > > > > PowerDynamo does not have this functionality. What you
could do
> > > > though
> > > > > > is
> > > > > > > > use a JavaServlet in Jaguar to get the info. Just redirect
them
> > to
> > > > > > Jaguar
> > > > > > > > once, let Jag pull the certificate info, then you could have
> > Dynamo
> > > > get
> > > > > > it
> > > > > > > > from Jaguar.
> > > > > > > >
> > > > > > > > Dave Wolf
> > > > > > > > Internet Applications Division
> > > > > > > >
> > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > > I am working with the following tools:
> > > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > > -Web server: IIS 4.0
> > > > > > > > >
> > > > > > > > > We are using a server certificate on the web server and
client
> > > > > > > > > certificates on the browser for authentication.
> > > > > > > > > To find out which client is doing a request, we need some
> > > > information
> > > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > > We cannot get information from the client certificate
using
> > > > > > PowerDynamo.
> > > > > > > > >
> > > > > > > > > Is there a possibility that Powerdynamo can get
information
> > from
> > > > the
> > > > > > > > > client certificate.
> > > > > > > > >
> > > > > > > > > Using VBSCRIPT it is possible to get info from the client
> > > > certificate;
> > > > > > > > > VBSCRIPT has an object called Request and that object
which
> > has a
> > > > > > > > > feature called ClientCertificate
> > > > > > > > > Is there someting similar in Powerdynamo that we can use
???
> > > > > > > > >
> > > > > > > > > Thanks in advance,
> > > > > > > > >
> > > > > > > > > Greetings Arjen Hup
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > >
> > >
>


Arjen Hup Posted on 2000-02-18 15:48:31.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 16:48:31 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 188
NNTP-Posting-Host: 158.76.4.40
Message-ID: <347_38AD69CE.4582D70A@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com> <347_38AD6482.67D2CA10@sybase.com> <347_h22tOXie$GA.184@forums.sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28378
Article PK: 160403

No, not behind a firewall

"Dave Wolf [Sybase]" wrote:

> Ah yes they would be in the clear, but likely behind a firewall right?
>
> Dave Wolf
> Internet Applications Division
>
> Arjen Hup <ahup@sybase.com> wrote in message
> news:38AD6482.67D2CA10@sybase.com...
> > Ok, this looks great !
> > But what about security?
> > Are the info variables encrypted and then sent to the client ???
> >
> > Thanks,
> > Arjen Hup
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > OK here's my idea. You send them to a Java servlet which extracts info
> off
> > > the certificate you need, like DN, etc. Now the servlet pulls this info
> > > off, and does a redirect to a Dynamo script passing the info in fields,
> so
> > >
> > > // Servlet Java code
> > >
> > > response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
> > >
> > > See, now in Dynamo you grab the variables and slap them into session
> > > variables.
> > >
> > > Make sense?
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AD59A1.6019188F@sybase.com...
> > > > Hi Dave,
> > > > You're right, the certificate is not in a pkcs12 format. We've already
> > > asked
> > > > Baltimore for
> > > > a new server certificate. But another question came into my mind:
> > > > Once, we have the client certificate and put all the info from that
> > > certificate
> > > > into a jaguar component or a string, how does Dynamo get it from
> Jaguar
> > > ???
> > > >
> > > > Thanks,
> > > >
> > > > Arjen Hup
> > > >
> > > > "Dave Wolf [Sybase]" wrote:
> > > >
> > > > > If it went into "Other Certificates" it is because it only had a
> public
> > > key
> > > > > and no corresponding private key. Can you export the certificates
> in
> > > PKCS12
> > > > > format so the private and public keys are present? The server needs
> the
> > > > > private key to use it for SSL.
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > news:38AD2996.FB458DB5@sybase.com...
> > > > > > Hi Dave here I am again,
> > > > > >
> > > > > > >The certificate used in the Security profile is the certificate
> used
> > > by
> > > > > > >the server to build the SSL channel. You would go to verisign to
> get
> > > a
> > > > > > >server certicicate, install it, and specify it in the security
> > > profile.
> > > > > >
> > > > > > Okay, this sounds more logical than defining a user certificate in
> the
> > > > > Security
> > > > > > Profile.
> > > > > > But the Security Profile user interface contains a dropdown from
> which
> > > one
> > > > > can
> > > > > > select
> > > > > > a certificate label. But this dropdown contains only the
> certificates
> > > that
> > > > > are
> > > > > > installed in the
> > > > > > User Certificates folder of the Security Manager.
> > > > > >
> > > > > > At our project we are using Baltimore certificates. When I install
> the
> > > > > server
> > > > > > certificate it is installed
> > > > > > in the folder Other Certificates. Is it possible that I can select
> > > these
> > > > > > certificates from the 'certificate label' dropdown ?
> > > > > > If not, how is it possible to get a server certificate, that is
> > > installed
> > > > > in the
> > > > > > folder 'Other Certificates', into the USer Certificates folder.
> > > > > >
> > > > > > Thanks in advance,
> > > > > >
> > > > > > Arjen Hup
> > > > > >
> > > > > >
> > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > >
> > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > > > Thanks for your fast response but how do I force Jaguar to
> pull
> > > the
> > > > > > > > certificate info.
> > > > > > > > If an https listener is specified with a security protocol
> with;
> > > > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > > > - a certificate label: a user certificate
> > > > > > > > Does this mean that the https listener can only be used by the
> > > user
> > > > > with
> > > > > > > the
> > > > > > > > certificate
> > > > > > > > specified at the certificate label ?
> > > > > > >
> > > > > > > No. The certificate used in the Security profile is the
> certificate
> > > > > used by
> > > > > > > the server to build the SSL channel. You would go to verisign
> to
> > > get a
> > > > > > > server certicicate, install it, and specify it in the security
> > > profile.
> > > > > > >
> > > > > > > > If yes, this won't work
> > > > > > > > If no, how should I specify the security protocol of https
> > > listener.
> > > > > > >
> > > > > > > Right now, for an example, just use the sample for the server
> side
> > > in
> > > > > the
> > > > > > > security profile. You can use any X.509 id for the browser
> side.
> > > The
> > > > > QOP
> > > > > > > of sybpks_intl_mutual_auth tells the server to do both server
> and
> > > client
> > > > > > > certificate authentication.
> > > > > > >
> > > > > > > Dave Wolf
> > > > > > > Internet Applications Division
> > > > > > >
> > > > > > > >
> > > > > > > > Greetings,
> > > > > > > >
> > > > > > > > Arjen Hup
> > > > > > > >
> > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > >
> > > > > > > > > PowerDynamo does not have this functionality. What you
> could do
> > > > > though
> > > > > > > is
> > > > > > > > > use a JavaServlet in Jaguar to get the info. Just redirect
> them
> > > to
> > > > > > > Jaguar
> > > > > > > > > once, let Jag pull the certificate info, then you could have
> > > Dynamo
> > > > > get
> > > > > > > it
> > > > > > > > > from Jaguar.
> > > > > > > > >
> > > > > > > > > Dave Wolf
> > > > > > > > > Internet Applications Division
> > > > > > > > >
> > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > > > I am working with the following tools:
> > > > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > > > -Web server: IIS 4.0
> > > > > > > > > >
> > > > > > > > > > We are using a server certificate on the web server and
> client
> > > > > > > > > > certificates on the browser for authentication.
> > > > > > > > > > To find out which client is doing a request, we need some
> > > > > information
> > > > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > > > We cannot get information from the client certificate
> using
> > > > > > > PowerDynamo.
> > > > > > > > > >
> > > > > > > > > > Is there a possibility that Powerdynamo can get
> information
> > > from
> > > > > the
> > > > > > > > > > client certificate.
> > > > > > > > > >
> > > > > > > > > > Using VBSCRIPT it is possible to get info from the client
> > > > > certificate;
> > > > > > > > > > VBSCRIPT has an object called Request and that object
> which
> > > has a
> > > > > > > > > > feature called ClientCertificate
> > > > > > > > > > Is there someting similar in Powerdynamo that we can use
> ???
> > > > > > > > > >
> > > > > > > > > > Thanks in advance,
> > > > > > > > > >
> > > > > > > > > > Greetings Arjen Hup
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > >
> > > > > >
> > > >
> >


Arjen Hup Posted on 2000-02-18 21:47:51.0Z
Newsgroups: sybase.public.easerver
Date: Fri, 18 Feb 2000 22:47:51 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 207
NNTP-Posting-Host: 158.76.4.37
Message-ID: <347_38ADBE06.E54FB3C2@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com> <347_38AD6482.67D2CA10@sybase.com> <347_h22tOXie$GA.184@forums.sybase.com> <347_38AD69CE.4582D70A@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28346
Article PK: 154657

Hi Dave,

Do you think that there is a secure way to pass the ssl info of the client
certificate from jaguar to PowerDynamo.

I am gonna think about creating a jaguar component from an java applet via an
iiops listener.

Anyway, thanks in advance

Arjen Hup

Arjen Hup wrote:

> No, not behind a firewall
>
> "Dave Wolf [Sybase]" wrote:
>
> > Ah yes they would be in the clear, but likely behind a firewall right?
> >
> > Dave Wolf
> > Internet Applications Division
> >
> > Arjen Hup <ahup@sybase.com> wrote in message
> > news:38AD6482.67D2CA10@sybase.com...
> > > Ok, this looks great !
> > > But what about security?
> > > Are the info variables encrypted and then sent to the client ???
> > >
> > > Thanks,
> > > Arjen Hup
> > >
> > > "Dave Wolf [Sybase]" wrote:
> > >
> > > > OK here's my idea. You send them to a Java servlet which extracts info
> > off
> > > > the certificate you need, like DN, etc. Now the servlet pulls this info
> > > > off, and does a redirect to a Dynamo script passing the info in fields,
> > so
> > > >
> > > > // Servlet Java code
> > > >
> > > > response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
> > > >
> > > > See, now in Dynamo you grab the variables and slap them into session
> > > > variables.
> > > >
> > > > Make sense?
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > news:38AD59A1.6019188F@sybase.com...
> > > > > Hi Dave,
> > > > > You're right, the certificate is not in a pkcs12 format. We've already
> > > > asked
> > > > > Baltimore for
> > > > > a new server certificate. But another question came into my mind:
> > > > > Once, we have the client certificate and put all the info from that
> > > > certificate
> > > > > into a jaguar component or a string, how does Dynamo get it from
> > Jaguar
> > > > ???
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Arjen Hup
> > > > >
> > > > > "Dave Wolf [Sybase]" wrote:
> > > > >
> > > > > > If it went into "Other Certificates" it is because it only had a
> > public
> > > > key
> > > > > > and no corresponding private key. Can you export the certificates
> > in
> > > > PKCS12
> > > > > > format so the private and public keys are present? The server needs
> > the
> > > > > > private key to use it for SSL.
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > news:38AD2996.FB458DB5@sybase.com...
> > > > > > > Hi Dave here I am again,
> > > > > > >
> > > > > > > >The certificate used in the Security profile is the certificate
> > used
> > > > by
> > > > > > > >the server to build the SSL channel. You would go to verisign to
> > get
> > > > a
> > > > > > > >server certicicate, install it, and specify it in the security
> > > > profile.
> > > > > > >
> > > > > > > Okay, this sounds more logical than defining a user certificate in
> > the
> > > > > > Security
> > > > > > > Profile.
> > > > > > > But the Security Profile user interface contains a dropdown from
> > which
> > > > one
> > > > > > can
> > > > > > > select
> > > > > > > a certificate label. But this dropdown contains only the
> > certificates
> > > > that
> > > > > > are
> > > > > > > installed in the
> > > > > > > User Certificates folder of the Security Manager.
> > > > > > >
> > > > > > > At our project we are using Baltimore certificates. When I install
> > the
> > > > > > server
> > > > > > > certificate it is installed
> > > > > > > in the folder Other Certificates. Is it possible that I can select
> > > > these
> > > > > > > certificates from the 'certificate label' dropdown ?
> > > > > > > If not, how is it possible to get a server certificate, that is
> > > > installed
> > > > > > in the
> > > > > > > folder 'Other Certificates', into the USer Certificates folder.
> > > > > > >
> > > > > > > Thanks in advance,
> > > > > > >
> > > > > > > Arjen Hup
> > > > > > >
> > > > > > >
> > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > >
> > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > > > > Thanks for your fast response but how do I force Jaguar to
> > pull
> > > > the
> > > > > > > > > certificate info.
> > > > > > > > > If an https listener is specified with a security protocol
> > with;
> > > > > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > > > > - a certificate label: a user certificate
> > > > > > > > > Does this mean that the https listener can only be used by the
> > > > user
> > > > > > with
> > > > > > > > the
> > > > > > > > > certificate
> > > > > > > > > specified at the certificate label ?
> > > > > > > >
> > > > > > > > No. The certificate used in the Security profile is the
> > certificate
> > > > > > used by
> > > > > > > > the server to build the SSL channel. You would go to verisign
> > to
> > > > get a
> > > > > > > > server certicicate, install it, and specify it in the security
> > > > profile.
> > > > > > > >
> > > > > > > > > If yes, this won't work
> > > > > > > > > If no, how should I specify the security protocol of https
> > > > listener.
> > > > > > > >
> > > > > > > > Right now, for an example, just use the sample for the server
> > side
> > > > in
> > > > > > the
> > > > > > > > security profile. You can use any X.509 id for the browser
> > side.
> > > > The
> > > > > > QOP
> > > > > > > > of sybpks_intl_mutual_auth tells the server to do both server
> > and
> > > > client
> > > > > > > > certificate authentication.
> > > > > > > >
> > > > > > > > Dave Wolf
> > > > > > > > Internet Applications Division
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Greetings,
> > > > > > > > >
> > > > > > > > > Arjen Hup
> > > > > > > > >
> > > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > > >
> > > > > > > > > > PowerDynamo does not have this functionality. What you
> > could do
> > > > > > though
> > > > > > > > is
> > > > > > > > > > use a JavaServlet in Jaguar to get the info. Just redirect
> > them
> > > > to
> > > > > > > > Jaguar
> > > > > > > > > > once, let Jag pull the certificate info, then you could have
> > > > Dynamo
> > > > > > get
> > > > > > > > it
> > > > > > > > > > from Jaguar.
> > > > > > > > > >
> > > > > > > > > > Dave Wolf
> > > > > > > > > > Internet Applications Division
> > > > > > > > > >
> > > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > > > > I am working with the following tools:
> > > > > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > > > > -Web server: IIS 4.0
> > > > > > > > > > >
> > > > > > > > > > > We are using a server certificate on the web server and
> > client
> > > > > > > > > > > certificates on the browser for authentication.
> > > > > > > > > > > To find out which client is doing a request, we need some
> > > > > > information
> > > > > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > > > > We cannot get information from the client certificate
> > using
> > > > > > > > PowerDynamo.
> > > > > > > > > > >
> > > > > > > > > > > Is there a possibility that Powerdynamo can get
> > information
> > > > from
> > > > > > the
> > > > > > > > > > > client certificate.
> > > > > > > > > > >
> > > > > > > > > > > Using VBSCRIPT it is possible to get info from the client
> > > > > > certificate;
> > > > > > > > > > > VBSCRIPT has an object called Request and that object
> > which
> > > > has a
> > > > > > > > > > > feature called ClientCertificate
> > > > > > > > > > > Is there someting similar in Powerdynamo that we can use
> > ???
> > > > > > > > > > >
> > > > > > > > > > > Thanks in advance,
> > > > > > > > > > >
> > > > > > > > > > > Greetings Arjen Hup
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > >
> > >


Arjen Hup Posted on 2000-02-23 12:34:51.0Z
Newsgroups: sybase.public.easerver
Date: Wed, 23 Feb 2000 13:34:51 +0100
From: Arjen Hup <ahup@sybase.com>
Organization: Sybase, Inc.
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
Subject: Re: Getting information from a client certificate using PD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 253
NNTP-Posting-Host: 158.76.4.53
Message-ID: <347_38B3D3EB.B9234922@sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com> <347_38AD6482.67D2CA10@sybase.com> <347_h22tOXie$GA.184@forums.sybase.com> <347_38AD69CE.4582D70A@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28092
Article PK: 159982

The applet works fine, saying that jaguar handles the exchange of the
certificates.
But the problem returns;how can I pass the certificate information from Jaguar
to PowerDynamo.
We are still working with EAS 3.0.1, but maybe it is possible that in version
3.5
one can pass information from Jaguar to PowerDynamo.

Does anyone know ?

Thanks in advance

"Dave Wolf [Sybase]" wrote:

> Actually, I just thought about this. If Dynamo is running in a web server
> that supports SSL, and you do the redirect as https://..... then the
> redirect would be in the encrypted channel.
>
> Dave Wolf
> Internet Applications Division
>
> Arjen Hup <ahup@sybase.com> wrote in message
> news:38ADBE06.E54FB3C2@sybase.com...
> > Hi Dave,
> >
> > Do you think that there is a secure way to pass the ssl info of the client
> > certificate from jaguar to PowerDynamo.
> >
> > I am gonna think about creating a jaguar component from an java applet via
> an
> > iiops listener.
> >
> > Anyway, thanks in advance
> >
> > Arjen Hup
> >
> > Arjen Hup wrote:
> >
> > > No, not behind a firewall
> > >
> > > "Dave Wolf [Sybase]" wrote:
> > >
> > > > Ah yes they would be in the clear, but likely behind a firewall right?
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > >
> > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > news:38AD6482.67D2CA10@sybase.com...
> > > > > Ok, this looks great !
> > > > > But what about security?
> > > > > Are the info variables encrypted and then sent to the client ???
> > > > >
> > > > > Thanks,
> > > > > Arjen Hup
> > > > >
> > > > > "Dave Wolf [Sybase]" wrote:
> > > > >
> > > > > > OK here's my idea. You send them to a Java servlet which extracts
> info
> > > > off
> > > > > > the certificate you need, like DN, etc. Now the servlet pulls
> this info
> > > > > > off, and does a redirect to a Dynamo script passing the info in
> fields,
> > > > so
> > > > > >
> > > > > > // Servlet Java code
> > > > > >
> > > > > >
> response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
> > > > > >
> > > > > > See, now in Dynamo you grab the variables and slap them into
> session
> > > > > > variables.
> > > > > >
> > > > > > Make sense?
> > > > > >
> > > > > > Dave Wolf
> > > > > > Internet Applications Division
> > > > > >
> > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > news:38AD59A1.6019188F@sybase.com...
> > > > > > > Hi Dave,
> > > > > > > You're right, the certificate is not in a pkcs12 format. We've
> already
> > > > > > asked
> > > > > > > Baltimore for
> > > > > > > a new server certificate. But another question came into my
> mind:
> > > > > > > Once, we have the client certificate and put all the info from
> that
> > > > > > certificate
> > > > > > > into a jaguar component or a string, how does Dynamo get it from
> > > > Jaguar
> > > > > > ???
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Arjen Hup
> > > > > > >
> > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > >
> > > > > > > > If it went into "Other Certificates" it is because it only had
> a
> > > > public
> > > > > > key
> > > > > > > > and no corresponding private key. Can you export the
> certificates
> > > > in
> > > > > > PKCS12
> > > > > > > > format so the private and public keys are present? The server
> needs
> > > > the
> > > > > > > > private key to use it for SSL.
> > > > > > > >
> > > > > > > > Dave Wolf
> > > > > > > > Internet Applications Division
> > > > > > > >
> > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > news:38AD2996.FB458DB5@sybase.com...
> > > > > > > > > Hi Dave here I am again,
> > > > > > > > >
> > > > > > > > > >The certificate used in the Security profile is the
> certificate
> > > > used
> > > > > > by
> > > > > > > > > >the server to build the SSL channel. You would go to
> verisign to
> > > > get
> > > > > > a
> > > > > > > > > >server certicicate, install it, and specify it in the
> security
> > > > > > profile.
> > > > > > > > >
> > > > > > > > > Okay, this sounds more logical than defining a user
> certificate in
> > > > the
> > > > > > > > Security
> > > > > > > > > Profile.
> > > > > > > > > But the Security Profile user interface contains a dropdown
> from
> > > > which
> > > > > > one
> > > > > > > > can
> > > > > > > > > select
> > > > > > > > > a certificate label. But this dropdown contains only the
> > > > certificates
> > > > > > that
> > > > > > > > are
> > > > > > > > > installed in the
> > > > > > > > > User Certificates folder of the Security Manager.
> > > > > > > > >
> > > > > > > > > At our project we are using Baltimore certificates. When I
> install
> > > > the
> > > > > > > > server
> > > > > > > > > certificate it is installed
> > > > > > > > > in the folder Other Certificates. Is it possible that I can
> select
> > > > > > these
> > > > > > > > > certificates from the 'certificate label' dropdown ?
> > > > > > > > > If not, how is it possible to get a server certificate, that
> is
> > > > > > installed
> > > > > > > > in the
> > > > > > > > > folder 'Other Certificates', into the USer Certificates
> folder.
> > > > > > > > >
> > > > > > > > > Thanks in advance,
> > > > > > > > >
> > > > > > > > > Arjen Hup
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > > >
> > > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > > > > > > Thanks for your fast response but how do I force Jaguar
> to
> > > > pull
> > > > > > the
> > > > > > > > > > > certificate info.
> > > > > > > > > > > If an https listener is specified with a security
> protocol
> > > > with;
> > > > > > > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > > > > > > - a certificate label: a user certificate
> > > > > > > > > > > Does this mean that the https listener can only be used
> by the
> > > > > > user
> > > > > > > > with
> > > > > > > > > > the
> > > > > > > > > > > certificate
> > > > > > > > > > > specified at the certificate label ?
> > > > > > > > > >
> > > > > > > > > > No. The certificate used in the Security profile is the
> > > > certificate
> > > > > > > > used by
> > > > > > > > > > the server to build the SSL channel. You would go to
> verisign
> > > > to
> > > > > > get a
> > > > > > > > > > server certicicate, install it, and specify it in the
> security
> > > > > > profile.
> > > > > > > > > >
> > > > > > > > > > > If yes, this won't work
> > > > > > > > > > > If no, how should I specify the security protocol of
> https
> > > > > > listener.
> > > > > > > > > >
> > > > > > > > > > Right now, for an example, just use the sample for the
> server
> > > > side
> > > > > > in
> > > > > > > > the
> > > > > > > > > > security profile. You can use any X.509 id for the
> browser
> > > > side.
> > > > > > The
> > > > > > > > QOP
> > > > > > > > > > of sybpks_intl_mutual_auth tells the server to do both
> server
> > > > and
> > > > > > client
> > > > > > > > > > certificate authentication.
> > > > > > > > > >
> > > > > > > > > > Dave Wolf
> > > > > > > > > > Internet Applications Division
> > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Greetings,
> > > > > > > > > > >
> > > > > > > > > > > Arjen Hup
> > > > > > > > > > >
> > > > > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > > > > >
> > > > > > > > > > > > PowerDynamo does not have this functionality. What
> you
> > > > could do
> > > > > > > > though
> > > > > > > > > > is
> > > > > > > > > > > > use a JavaServlet in Jaguar to get the info. Just
> redirect
> > > > them
> > > > > > to
> > > > > > > > > > Jaguar
> > > > > > > > > > > > once, let Jag pull the certificate info, then you
> could have
> > > > > > Dynamo
> > > > > > > > get
> > > > > > > > > > it
> > > > > > > > > > > > from Jaguar.
> > > > > > > > > > > >
> > > > > > > > > > > > Dave Wolf
> > > > > > > > > > > > Internet Applications Division
> > > > > > > > > > > >
> > > > > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > > > > > > I am working with the following tools:
> > > > > > > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > > > > > > -Web server: IIS 4.0
> > > > > > > > > > > > >
> > > > > > > > > > > > > We are using a server certificate on the web server
> and
> > > > client
> > > > > > > > > > > > > certificates on the browser for authentication.
> > > > > > > > > > > > > To find out which client is doing a request, we need
> some
> > > > > > > > information
> > > > > > > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > > > > > > We cannot get information from the client
> certificate
> > > > using
> > > > > > > > > > PowerDynamo.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Is there a possibility that Powerdynamo can get
> > > > information
> > > > > > from
> > > > > > > > the
> > > > > > > > > > > > > client certificate.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Using VBSCRIPT it is possible to get info from the
> client
> > > > > > > > certificate;
> > > > > > > > > > > > > VBSCRIPT has an object called Request and that
> object
> > > > which
> > > > > > has a
> > > > > > > > > > > > > feature called ClientCertificate
> > > > > > > > > > > > > Is there someting similar in Powerdynamo that we can
> use
> > > > ???
> > > > > > > > > > > > >
> > > > > > > > > > > > > Thanks in advance,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Greetings Arjen Hup
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > >
> >


Dave Wolf [Sybase] Posted on 2000-02-22 01:55:45.0Z
Newsgroups: sybase.public.easerver
From: "Dave Wolf [Sybase]" <dwolf@sybase.com>
Subject: Re: Getting information from a client certificate using PD
Date: Mon, 21 Feb 2000 20:55:45 -0500
Lines: 295
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
NNTP-Posting-Host: 158.159.8.19
Message-ID: <347_9JEP0hNf$GA.183@forums.sybase.com>
References: <347_38AC17D3.5F8397EF@sybase.com> <347_imF#kQWe$GA.184@forums.sybase.com> <347_38AC4EA3.696C11C0@sybase.com> <347_ZqEQrwbe$GA.204@forums.sybase.com> <347_38AD2996.FB458DB5@sybase.com> <347_YJa7SPhe$GA.324@forums.sybase.com> <347_38AD59A1.6019188F@sybase.com> <347_HGjgx$he$GA.184@forums.sybase.com> <347_38AD6482.67D2CA10@sybase.com> <347_h22tOXie$GA.184@forums.sybase.com> <347_38AD69CE.4582D70A@sybase.com>
Path: forums-1-dub!forums-1-dub!forums-master.sybase.com!forums.sybase.com
Xref: forums-1-dub sybase.public.easerver:28256
Article PK: 160298

Actually, I just thought about this. If Dynamo is running in a web server
that supports SSL, and you do the redirect as https://..... then the
redirect would be in the encrypted channel.

Dave Wolf
Internet Applications Division

Arjen Hup <ahup@sybase.com> wrote in message
news:38ADBE06.E54FB3C2@sybase.com...
> Hi Dave,
>
> Do you think that there is a secure way to pass the ssl info of the client
> certificate from jaguar to PowerDynamo.
>
> I am gonna think about creating a jaguar component from an java applet via
an
> iiops listener.
>
> Anyway, thanks in advance
>
> Arjen Hup
>
> Arjen Hup wrote:
>
> > No, not behind a firewall
> >
> > "Dave Wolf [Sybase]" wrote:
> >
> > > Ah yes they would be in the clear, but likely behind a firewall right?
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > >
> > > Arjen Hup <ahup@sybase.com> wrote in message
> > > news:38AD6482.67D2CA10@sybase.com...
> > > > Ok, this looks great !
> > > > But what about security?
> > > > Are the info variables encrypted and then sent to the client ???
> > > >
> > > > Thanks,
> > > > Arjen Hup
> > > >
> > > > "Dave Wolf [Sybase]" wrote:
> > > >
> > > > > OK here's my idea. You send them to a Java servlet which extracts
info
> > > off
> > > > > the certificate you need, like DN, etc. Now the servlet pulls
this info
> > > > > off, and does a redirect to a Dynamo script passing the info in
fields,
> > > so
> > > > >
> > > > > // Servlet Java code
> > > > >
> > > > >
response.sendReditect("http://host/DynamoMapping/captureSSL.stm?DN="....
> > > > >
> > > > > See, now in Dynamo you grab the variables and slap them into
session
> > > > > variables.
> > > > >
> > > > > Make sense?
> > > > >
> > > > > Dave Wolf
> > > > > Internet Applications Division
> > > > >
> > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > news:38AD59A1.6019188F@sybase.com...
> > > > > > Hi Dave,
> > > > > > You're right, the certificate is not in a pkcs12 format. We've
already
> > > > > asked
> > > > > > Baltimore for
> > > > > > a new server certificate. But another question came into my
mind:
> > > > > > Once, we have the client certificate and put all the info from
that
> > > > > certificate
> > > > > > into a jaguar component or a string, how does Dynamo get it from
> > > Jaguar
> > > > > ???
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Arjen Hup
> > > > > >
> > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > >
> > > > > > > If it went into "Other Certificates" it is because it only had
a
> > > public
> > > > > key
> > > > > > > and no corresponding private key. Can you export the
certificates
> > > in
> > > > > PKCS12
> > > > > > > format so the private and public keys are present? The server
needs
> > > the
> > > > > > > private key to use it for SSL.
> > > > > > >
> > > > > > > Dave Wolf
> > > > > > > Internet Applications Division
> > > > > > >
> > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > news:38AD2996.FB458DB5@sybase.com...
> > > > > > > > Hi Dave here I am again,
> > > > > > > >
> > > > > > > > >The certificate used in the Security profile is the
certificate
> > > used
> > > > > by
> > > > > > > > >the server to build the SSL channel. You would go to
verisign to
> > > get
> > > > > a
> > > > > > > > >server certicicate, install it, and specify it in the
security
> > > > > profile.
> > > > > > > >
> > > > > > > > Okay, this sounds more logical than defining a user
certificate in
> > > the
> > > > > > > Security
> > > > > > > > Profile.
> > > > > > > > But the Security Profile user interface contains a dropdown
from
> > > which
> > > > > one
> > > > > > > can
> > > > > > > > select
> > > > > > > > a certificate label. But this dropdown contains only the
> > > certificates
> > > > > that
> > > > > > > are
> > > > > > > > installed in the
> > > > > > > > User Certificates folder of the Security Manager.
> > > > > > > >
> > > > > > > > At our project we are using Baltimore certificates. When I
install
> > > the
> > > > > > > server
> > > > > > > > certificate it is installed
> > > > > > > > in the folder Other Certificates. Is it possible that I can
select
> > > > > these
> > > > > > > > certificates from the 'certificate label' dropdown ?
> > > > > > > > If not, how is it possible to get a server certificate, that
is
> > > > > installed
> > > > > > > in the
> > > > > > > > folder 'Other Certificates', into the USer Certificates
folder.
> > > > > > > >
> > > > > > > > Thanks in advance,
> > > > > > > >
> > > > > > > > Arjen Hup
> > > > > > > >
> > > > > > > >
> > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > >
> > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > news:38AC4EA3.696C11C0@sybase.com...
> > > > > > > > > > Thanks for your fast response but how do I force Jaguar
to
> > > pull
> > > > > the
> > > > > > > > > > certificate info.
> > > > > > > > > > If an https listener is specified with a security
protocol
> > > with;
> > > > > > > > > > - the security characteristic: "sybpks_intl_mutual_auth"
> > > > > > > > > > - a certificate label: a user certificate
> > > > > > > > > > Does this mean that the https listener can only be used
by the
> > > > > user
> > > > > > > with
> > > > > > > > > the
> > > > > > > > > > certificate
> > > > > > > > > > specified at the certificate label ?
> > > > > > > > >
> > > > > > > > > No. The certificate used in the Security profile is the
> > > certificate
> > > > > > > used by
> > > > > > > > > the server to build the SSL channel. You would go to
verisign
> > > to
> > > > > get a
> > > > > > > > > server certicicate, install it, and specify it in the
security
> > > > > profile.
> > > > > > > > >
> > > > > > > > > > If yes, this won't work
> > > > > > > > > > If no, how should I specify the security protocol of
https
> > > > > listener.
> > > > > > > > >
> > > > > > > > > Right now, for an example, just use the sample for the
server
> > > side
> > > > > in
> > > > > > > the
> > > > > > > > > security profile. You can use any X.509 id for the
browser
> > > side.
> > > > > The
> > > > > > > QOP
> > > > > > > > > of sybpks_intl_mutual_auth tells the server to do both
server
> > > and
> > > > > client
> > > > > > > > > certificate authentication.
> > > > > > > > >
> > > > > > > > > Dave Wolf
> > > > > > > > > Internet Applications Division
> > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Greetings,
> > > > > > > > > >
> > > > > > > > > > Arjen Hup
> > > > > > > > > >
> > > > > > > > > > "Dave Wolf [Sybase]" wrote:
> > > > > > > > > >
> > > > > > > > > > > PowerDynamo does not have this functionality. What
you
> > > could do
> > > > > > > though
> > > > > > > > > is
> > > > > > > > > > > use a JavaServlet in Jaguar to get the info. Just
redirect
> > > them
> > > > > to
> > > > > > > > > Jaguar
> > > > > > > > > > > once, let Jag pull the certificate info, then you
could have
> > > > > Dynamo
> > > > > > > get
> > > > > > > > > it
> > > > > > > > > > > from Jaguar.
> > > > > > > > > > >
> > > > > > > > > > > Dave Wolf
> > > > > > > > > > > Internet Applications Division
> > > > > > > > > > >
> > > > > > > > > > > Arjen Hup <ahup@sybase.com> wrote in message
> > > > > > > > > > > news:38AC17D3.5F8397EF@sybase.com...
> > > > > > > > > > > > I am working with the following tools:
> > > > > > > > > > > > -Transaction server: Jaguar 3.01
> > > > > > > > > > > > -Application Server: PowerDynamo 3.01
> > > > > > > > > > > > -Web server: IIS 4.0
> > > > > > > > > > > >
> > > > > > > > > > > > We are using a server certificate on the web server
and
> > > client
> > > > > > > > > > > > certificates on the browser for authentication.
> > > > > > > > > > > > To find out which client is doing a request, we need
some
> > > > > > > information
> > > > > > > > > > > > from the client certificate. That's our problem !!!
> > > > > > > > > > > > We cannot get information from the client
certificate
> > > using
> > > > > > > > > PowerDynamo.
> > > > > > > > > > > >
> > > > > > > > > > > > Is there a possibility that Powerdynamo can get
> > > information
> > > > > from
> > > > > > > the
> > > > > > > > > > > > client certificate.
> > > > > > > > > > > >
> > > > > > > > > > > > Using VBSCRIPT it is possible to get info from the
client
> > > > > > > certificate;
> > > > > > > > > > > > VBSCRIPT has an object called Request and that
object
> > > which
> > > > > has a
> > > > > > > > > > > > feature called ClientCertificate
> > > > > > > > > > > > Is there someting similar in Powerdynamo that we can
use
> > > ???
> > > > > > > > > > > >
> > > > > > > > > > > > Thanks in advance,
> > > > > > > > > > > >
> > > > > > > > > > > > Greetings Arjen Hup
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > >
> > > > > > > >
> > > > > >
> > > >
>