Hi everyone here is a Question that Lenny asked me to pubish on the board its a copy of a Question that i had asked him directly.
Quote:
Originally Posted by chadbrown
Ok if i use something like no-ip is there a way to make the web login page check the clients ip against the current no-ip address?
Quote:
Originally Posted by Lenny Forziati
To enable SSL, the server must have a certificate which is used to encrypt the communications. You can purcahse a certificate from a well known Certificate Authority (CA) such as Verisgn, or you can have the server act as its own CA and sign its own certificate. Browsers will typically warn the user when their browser visits an SSL server with a self-signed certificate because it does not recognize the signer and cannot guarantee the identity of the server.
There is no facility in the Application Server itself to restrict logins to only certain clients when those clients are using dynamic IP addresses. If the clients had static IPs, you could restrict access based on that. In your case, you will be left to something like a VPN to restrict access.
Quote:
Originally Posted by chadbrown
Ok what are the self signed certificates in server then? Maybe i am going in the wrong direction. I'm looking to layer security so that a staff member cannot sign in a home and do transactions. by the way they are all dynamic ip addresses.
Quote:
Originally Posted by Lenny Forziati
What you are describing are client certificates. The Application Server does not support these.
Quote:
Originally Posted by chadbrown
Hi Lenny i have an app that runs on was. I have about 60 machines that sign into the app on a daily basis. what i would like to do is create a certificate for each machine so that i know for sure that it is infact one of my machines that is signing into the website. Reason for all of this is i do not want an employee logging in from a machine that is not at my one of my stores and I would also presume that if i changed the machine out i could kill the certificate and create a new one. If i did all of this do i just turn on ssl in the system and then any machine trying to sign in without a ssl would be refused access?
Hope to hear from you soon.
Thanks,
Chad Brown
Canadian Wireless Communications Inc.
version 9 soon to be 10.
416.606.8080
Quote:
Originally Posted by chadbrown
Ok if i use something like no-ip is there a way to make the web login page check the clients ip against the current no-ip address?
Quote:
Originally Posted by Lenny Forziati
To enable SSL, the server must have a certificate which is used to encrypt the communications. You can purcahse a certificate from a well known Certificate Authority (CA) such as Verisgn, or you can have the server act as its own CA and sign its own certificate. Browsers will typically warn the user when their browser visits an SSL server with a self-signed certificate because it does not recognize the signer and cannot guarantee the identity of the server.
There is no facility in the Application Server itself to restrict logins to only certain clients when those clients are using dynamic IP addresses. If the clients had static IPs, you could restrict access based on that. In your case, you will be left to something like a VPN to restrict access.
Quote:
Originally Posted by chadbrown
Ok what are the self signed certificates in server then? Maybe i am going in the wrong direction. I'm looking to layer security so that a staff member cannot sign in a home and do transactions. by the way they are all dynamic ip addresses.
Quote:
Originally Posted by Lenny Forziati
What you are describing are client certificates. The Application Server does not support these.
Quote:
Originally Posted by chadbrown
Hi Lenny i have an app that runs on was. I have about 60 machines that sign into the app on a daily basis. what i would like to do is create a certificate for each machine so that i know for sure that it is infact one of my machines that is signing into the website. Reason for all of this is i do not want an employee logging in from a machine that is not at my one of my stores and I would also presume that if i changed the machine out i could kill the certificate and create a new one. If i did all of this do i just turn on ssl in the system and then any machine trying to sign in without a ssl would be refused access?
Hope to hear from you soon.
Thanks,
Chad Brown
Canadian Wireless Communications Inc.
version 9 soon to be 10.
416.606.8080