
TAGPMA Twiki


tameka

Presentation Transcript


  1. TAGPMA Twiki http://tagpma.es.net

  2. Agenda
     • ESnet Web hosting environment
     • Certificate based authentication
     • Enrollment Automation
     • Problems &/ Solutions
     • Suggestions &/ Contribution
     -----End Certificate Request-----

  3. Virtual Web Server
     • ESnet has been using TWiki for its own internal and external business
     • ESnet uses a specific TWiki version and default template to host any new TWiki
     • TAGPMA is one of them
     • Security – Machine, OS, Patches

  4. Certificate Based Authentication
     • Enabling certificate-based authentication caused problems with check-in and check-out
     • Modified the check-in and check-out module to replace each "space" with "_", which worked
     • As a result, the long modified subject DN, in LDAP order, showed up on all the pages
     • We wanted to reverse the order
     • Cut all the components except the CN
     • Wanted to derive the WikiName from the SubjectDN to avoid WikiName errors

  5. Certificate Based Authentication
     Apache Config
     • Mostly httpd-ssl.conf file
     • SSLOptions +OptRenegotiate
     TWiki Modules:
     • ~/lib/TWiki.pm
     • ~/data/TWiki/TWikiRegistration.txt

  6. Registration Automation
     • Pre-Registration & TWiki Registration:
     • We couldn't extract the SubjectDN if we simply accepted the certificate based on the trusted root Certificate Authorities
     • We need to have a .htpasswd at the Apache level to extract the SubjectDN at the TWiki level
     • Initially we had a separate web server just to do the SSL client authentication and generate the .htpasswd file (Pre-Registration)
     Continued…

  7. Registration Automation
     • Then we were able to extract the SubjectDN and pre-fill the TWiki registration
     • Then we combined the Pre-Registration with the TWiki Registration

  8. Problems &/ Solutions
     • Pre-Registration and TWiki registration are not stable, because Pre-Registration is supposed to be open to all while TWiki registration is restricted to those who have finished Pre-Registration
     • The trust anchors created a few problems
     • The error messages weren't useful for the registrants; but were able to draw

  9. -----Begin Certificate----- • Suggestions&/Solutions -----End Certificate-----
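
The subject DN handling listed on slide 4 (spaces replaced with "_", LDAP order reversed, everything but the CN cut, WikiName derived from the SubjectDN), sketched in Python as an added example; it is not ESnet's TWiki.pm modification. The two DN string forms, the simplified WikiName pattern, the function names and the collision check (a CN alone does not identify a certificate subject uniquely, so the full DN is kept as the binding) are assumptions.

```python
import re

# Assumption: simplified CamelCase WikiName shape, letters and digits only.
WIKINAME_RE = re.compile(r"^[A-Z]+[a-z0-9]+[A-Z]+[A-Za-z0-9]*$")

def parse_dn(dn):
    """Return [(attr, value), ...] in LDAP order (most specific RDN first).
    Accepts /DC=org/.../CN=x or CN=x,...,DC=org; escaped separators unsupported."""
    dn = dn.strip()
    if dn.startswith("/"):
        parts = [p for p in dn.split("/") if p][::-1]  # slash form is root-first
    else:
        parts = [p.strip() for p in dn.split(",") if p.strip()]
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def reverse_dn(dn):
    """Rewrite a DN root-first in slash form (the reversed LDAP order)."""
    return "/" + "/".join(f"{a}={v}" for a, v in reversed(parse_dn(dn)))

def login_name(dn):
    """Space-free login string: every space becomes an underscore."""
    return dn.replace(" ", "_")

def wikiname_from_dn(dn):
    """Drop every component except the most specific CN and CamelCase it."""
    cns = [v for a, v in parse_dn(dn) if a == "CN"]
    if not cns:
        raise ValueError("subject DN has no CN")
    words = re.findall(r"[A-Za-z0-9]+", cns[0])
    name = "".join(w[0].upper() + w[1:].lower() for w in words)
    if not WIKINAME_RE.match(name):
        raise ValueError(f"CN {cns[0]!r} does not yield a WikiName")
    return name

def register(dn, registry):
    """Bind the full DN to its WikiName; reject a name owned by another DN."""
    name, subject = wikiname_from_dn(dn), tuple(parse_dn(dn))
    if registry.setdefault(name, subject) != subject:
        raise ValueError(f"{name} is already bound to a different subject DN")
    return name
```

`register` accepts the same subject in either string form, and refuses a second subject whose CN maps to a WikiName that is already taken.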
