PKI certificates

[DLH]

When a client with no DoD PKI certificate attempts to talk
to a Server PKI DoD Certificated computer with the Sever
accept the client and issue a certificate or will it
reject the client? If the client is rejected how can it
talk to the Server?

 

[Steven L Umbach]

I am not familiar with the DOD in question, but a server, such as a web server, can
require a certificate before a session is established if they require client
authentication. Public web servers using ssl for instance generally do not require a
client certificate. If a client certificate is needed, the user will need to request
one from a trusted Certificate Authority. Certificate Authorities will need some sort
of credentials to issue a certificate in order to protect the integrity of PKI. ---
Steve

 

[Edward A. Feustel]

When a client with no DoD PKI certificate attempts to talk
to a Server PKI DoD Certificated computer with the Sever
accept the client and issue a certificate or will it
reject the client? If the client is rejected how can it
talk to the Server?

Normally communication using certificates is over SSL (https).
Any client can communicate with a server possessing a certificate using SSL.
The key is whether mutual authentication is required. If it is, the
authentication
can be by password or certificate. In this case, the client has to provide
authentication of
itself. The server gets to decide whether the authentication is "sufficient"
before it
authorizes the client and performs the service that is requested.

In the case of the DoD, they are looking for a certificate signed by the DoD
certificate
authority (ies). If they don't find one, they will refer you to the "not
authorized" message.

Ed