I need to verify the presence of a machine certificate on a Windows machine before allowing them to access intranet resources. I got it working with Host Checker, but I was wondering if there was a way to check the machine certificate without invoking HC, as it seems slow and fails on random machines. I am using AD for username/password authentication acting as first factor.
Thanks in advance,
Thanks for your reply, but I have one question:
Does this user certificate present itself to the IVE via the browser during connection setup time, or do you still have to run HC on the client machine to find it?
The browser should be able to present the client cert, otherwise the login will not be possible.
E.g. in our case we have the Entrust client, so if you try accessing from a machine without the Entrust client, and thus without your personal cert, you won't be able to access.
Another thing would be the so-called "machine certs", which you could carry around on a smart card, but then you would need to use the HC.
So in order to use client certificates, the client machine will need another "client" to present this certificate to the IVE? I thought if the machine has a "user certificate", it will offer it via the browser to the IVE. Is this assumption wrong?
Thanks in advance,
Ah, sorry. No, you were right. I just tried (and wanted, but it obviously did not work) to point out that the browser on the PC used, in your example a kiosk, needs to have this user cert, that's all.
I just went one step further, for our company's special case, where the browser does not "store" the user cert but rather assumes Entrust client software is there to present the cert, so if our company used user-cert-based auth, users would not be able to authenticate because they may only have access to the cert via the Entrust client.