Results 1 to 1 of 1

Thread: revoking access when using certificate based authentication

  1. #1
    PhD
    PhD is offline Senior Member
    Join Date
    Jun 2011
    Posts
    68
    Rep Power
    4

    Default revoking access when using certificate based authentication

    Howdy there,

    we are using certificate based authentication as described in /opt/zimbra/certauth.txt (literally word for word configuration as per the doc, apart from company/domain name changes) (also described here http://wiki.zimbra.com/wiki/Gautam-N...9_certificates)

    We create the CA certs, add it to zimbra's keystore, create the user cert, sign the user cert with the CA cert.. then export the .crt to a .p12 cert so it can be imported into browsers..

    The question is, how can i invalidate/revoke access to someone using a certificate?

    ive tried doing the following

    [root@zimbra certs]# /opt/zimbra/openssl/bin/openssl ca -cert Zimbra-CA.crt -keyfile Zimbra-CA.key -revoke username.crt
    Using configuration from /opt/zimbra/openssl-1.0.0e/ssl/openssl.cnf
    Revoking Certificate 35.
    Data Base Updated

    So, it "says" the crt is revoked... but i can still log in via my p12 certificate.
    Ive even tried extracting the .pem out of the p12, and revoking that (however it says its already revoked from the previous command)

    Does any one have any ideas?

    EDIT: After some reading.. it talks about generating and publishing CRL's.. but, if the client isnt checking a CRL, how can we force invalidation of their certificate?
    Last edited by PhD; 05-15-2012 at 07:25 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Problem with commercial certificate
    By ppaixao in forum Administrators
    Replies: 3
    Last Post: 06-05-2012, 01:49 PM
  2. Is Outlook connector based on Clien Access License
    By blason in forum Administrators
    Replies: 1
    Last Post: 11-13-2011, 07:48 PM
  3. Certificate based client authentication
    By Joe-3455656 in forum Administrators
    Replies: 1
    Last Post: 10-13-2011, 03:31 PM
  4. Adding SSL based SMTP authentication
    By Miklos Kalman in forum Installation
    Replies: 15
    Last Post: 02-14-2008, 04:34 PM
  5. Basic Authentication access
    By francoisal in forum Administrators
    Replies: 3
    Last Post: 04-05-2006, 08:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •