Thanks for the suggestion David. Unfortunately we are not connecting to an active directory domain - our application has to go out over the internet. I did a bit of fiddling with the certificates snap ins, but Microsoft only makes certificates installed in the user account available to IE. One other thing I've been mulling over - is it possible to get a cheap piece of hardware (i.e. a dongle of some sort) that you can put an X509 certificate on? If so, could anyone point me in the direction of a company that provides such a product? Regards Denis
On Thu, Jan 29, 2009 at 2:23 PM, David Stutzman <dstutz.m...@nospam.dstutz.com> wrote: > Denis McCarthy wrote: >> >> customers use. On this application, it is important to identify the >> physical machine on which a transaction takes place. In most of our > >> b) The application is currently multi platform, but all our users use >> windows (because that is what the application we are replacing runs >> on). If we have to, we can stipulate that our users must use windows >> if we have to. Is there some way we could interact with the windows >> key store to extract a machine based key to authenticate with our >> server? > > Microsoft supports "machine" certificates and in an active directory domain > for instance, you can enforce that a computer in the domain must have a > machine certificate to connect to the domain at all. > > If you open the certificates snap-in in the Microsoft management console > (start -> run-> "mmc", and you can add in the certs snap-in) it asks you > whether to add one for "My user account" "Service Account" or "Computer > account". You'd most likely want to drop a cert in "Computer Account" for > your purposes. > > I don't know exactly how all this works, but I know it can be done so it's > something you can definately look into. Probably start with Microsoft PKI > documentation. > > Dave > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- Annadale Technologies Limited -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
