
I am required to create a two way mutual handshake between a desktop client and WCF Service. I am using a Let's Encrypt Server Certificate on my Server but open to use Self Signed Certificate as well. I wish to generate a Client Certificate and install it on the client's machine after successful authentication via OTP. The idea is to authenticate/authorize the desktop app for further communication with the server.

After some research I found that OpenSSL.Net enables creating certificates.

  • Check out [Origin Bound Certificates](http://www.czeskis.com/research/pubs/tls-obc.pdf). Also see [Mutual authentication when client gives you their public certificate](https://stackoverflow.com/questions/37016795/mutual-authentication-when-client-gives-you-their-public-certificate#comment61638442_37022127). It's a different question and language, but it appears to be the same issue. – jww Sep 26 '16 at 23:26
  • Thanks jww. The idea is similar, but OBC requires creating self-signed certificates; I am looking in the direction of the Enterprise Model approach. – Niket Khanduja Sep 27 '16 at 07:02
  • If it's an enterprise PKI, then check out [Simple Certificate Enrollment Protocol (SCEP)](https://tools.ietf.org/html/draft-nourse-scep). I believe Microsoft calls it NDIS. Cisco has a name for it. I don't know what OS X or Linux calls it, but I'm sure it's out there. Also see [scep vulnerability](https://www.google.com/search?q=scep+vulnerability). You have to keep those devices within your logical security boundary when provisioning them. Don't just sign any old request. – jww Sep 27 '16 at 07:11
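The enrollment flow the question describes (OTP first, then a client certificate the server will trust for mutual authentication), together with jww's point about not signing arbitrary requests, as an added C# example; it is not code from the question or from any answer. The private client CA, the subject names, the 90-day validity and the `otpVerified` flag standing in for the real OTP check are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the question): a private client CA, OTP-gated issuance of a client-auth
// certificate, and the server-side check that a presented certificate chains to that CA alone.
// Requires .NET 7+ (X500DistinguishedNameBuilder, CustomTrustStore).
public static class ClientCertEnrollment
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Self-signed CA dedicated to desktop clients; keep its private key off the WCF host.
    public static X509Certificate2 CreateClientCa()
    {
        RSA caKey = RSA.Create(3072); // intentionally not disposed: the returned CA object uses it
        var req = new CertificateRequest("CN=Example Desktop Client CA", caKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true)); // CA, path length 0
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(5));
    }
    // Issues a 90-day client certificate bound to `user`; `otpVerified` is the result of your existing
    // OTP check. Returns PFX bytes for the client's personal store, or null when enrollment is refused.
    public static byte[]? IssueClientCertificate(X509Certificate2 ca, string user, bool otpVerified, string pfxPassword)
    {
        if (!otpVerified) return null; // never sign for a caller that has not authenticated
        using RSA clientKey = RSA.Create(2048);
        var dn = new X500DistinguishedNameBuilder(); // user input cannot inject extra RDNs this way
        dn.AddCommonName(user);
        dn.AddOrganizationName("Example Desktop Clients");
        var req = new CertificateRequest(dn.Build(), clientKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(ClientAuthOid) }, true)); // client auth only
        byte[] serial = RandomNumberGenerator.GetBytes(16);
        serial[0] &= 0x7F; // serialNumber must encode as a positive INTEGER
        using X509Certificate2 issued = req.Create(ca, DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(90), serial);
        using X509Certificate2 withKey = issued.CopyWithPrivateKey(clientKey);
        return withKey.Export(X509ContentType.Pfx, pfxPassword);
    }
    // Server side: trust only our client CA (not the machine's public roots) and require the client-auth EKU.
    public static bool IsTrustedClientCertificate(X509Certificate2 presented, X509Certificate2 ca)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(ca);
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid(ClientAuthOid));
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // replace with your CRL/OCSP setup
        return chain.Build(presented);
    }
}
```

Because the server validates against its own CA rather than the machine's root store, a certificate from a public CA such as Let's Encrypt is not accepted as a client credential, and revoking enrollment is a matter of the service's own CRL/OCSP rather than anything the client controls.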

0 Answers