Search All Forums
Dart Home | PowerTCP WebServer for ActiveX | Custom Development Reply | PowerTCP WebServer for ActiveX Topics | Forums   
AuthorForum: PowerTCP WebServer for ActiveX
Topic: Client Authentication and TrustedRoot

From: Beaverton, OR USA
Posts: 8
Member Since: 11/23/07
posted December 18, 2007 6:08 PM

I saw something a bit strange while playing around with Client Authentication on the web server tool.

Short version: In the "Authenticate" event, how are the values of "TrustedRoot" determined? I supplied a very non-trusted certificate (one I created using Certificate Manager) to the server and, debugging the event, TrustedRoot was set to True. Why would a test certificate created by Certificate Manager with a dummy CA be considered to be from a trusted root?

Here's the long version...

I first enabled Client Authentication on the web server control, and did an SSL listen. Just to see how it worked, I hit it with my browser. As expected, it failed to connect properly because I had no user certificate selected.

So... I created a dummy certificate using the Certificate Manager, went into Internet Options, and did an Export of the certificate. Then I went back into my browser (Firefox) and imported the just-created dummy certificate as a user certificate.

All fine and good so far. I once again hit my web server listener with my browser. Because the browser was now configured with a user certificate, the Authenticate event fired as expected. But... lo and behold, WebServer apparently thinks "MyDummyCertificate-CA" is a trusted root.

So... as I asked above, what's the criteria for TrustedRoot to return a False value? I would like for the WebServer control to tell me whether or not a CA is trusted explicitly so I have some control over how a user certificate is validated.

Incidentally, "ValidDate" is coming down from the event as "False" even though the certificate is up-to-date (today is between the ValidFrom and ValidTo settings of the certificate). Could it possibly be that TrustedRoot and ValidDate were accidentally swapped in your code when you fire the event?? Is the "TrustedRoot" boolean actually the "ValidDate" setting, and vice versa? That could explain what I'm seeing...


From: Rome, NY, USA
Posts: 137
Member Since: 09/17/07
posted December 19, 2007 4:00 PM

Hello Paul,

With regards to the query I would like to inform you that if the CA of the certificate from the browser is added as a trusted root on the machine, the TrustedRoot would return True.
Therefore I would request you to please check for the same and share your observations.

The ValidDate would check the date in the ValidTo property of the RemoteCertificate and then match the value with the current date on the system. If the date on the machine has crossed the date in the ValidDate property, it would return False.

I have tested with the latest version of the control ie 1.8.4. Please let me know if you are using a different version.

I hope this helps.
Have a great day.

Reply | PowerTCP WebServer for ActiveX Topics | Forums   
This site is powered by PowerTCP WebServer Tool PowerTCP WebServer for ActiveX