Client side SSL certificate for a specific web page
Question
网站中的特定网页可以使用客户端SSL证书对Web请求进行身份验证,而其他网页则不能吗?
2 answers
solution1
1 ACCPTED 2010-07-15 15:38:35
It's possible using SSL/TLS renegotiation. The way to configure it depends on the server you're using (and whether it supports it).
Note that, at the end of last year (October/November 2009), an SSL/TLS protocol flaw was discovered regarding this feature. SSL/TLS stacks that support renegotiation based on code before that will be vulnerable to the attack. Most libraries did an emergency security update where they disable renegotiation altogether (therefore removing the client-certificate renegotiation). In February 2010, RFC 5746 was published with a fix to this problem, but not all stacks implement it yet.
solution2
0 2010-07-15 15:37:05
I believe the most common way to secure a single page is to put it in a subfolder that is SSL-secured.
This article may help: http://www.leastprivilege.com/PartiallySSLSecuredWebAppsWithASPNET.aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.