Strong Authentication using SSL/TLS Client Certificates

Posted by Liaquat Khan on 05-Dec-2012 12:50:00

We have recently added a strong user authentication method into SigningHub that uses X.509 SSL/TLS client authentication certificates. This feature is only available to on-premise installations of SigningHub.

This provides a more secure alternative to passwords, which can be subjected to brute-force attacks. Not only is SSL client authentication more secure, it can also mean that users log in without providing passwords, which makes life easier.

Note: SigningHub already uses SSL/TLS security, but only with server authentication certificates, where users are authenticated using username/password. The communication link between the browser and server is secured using strong encryption, as used by many banking sites. Our SSL/TLS server authentication certificate is also trusted in almost all publicly known browsers.

How to configure

After installing Ascertia Docs (the product which powers SigningHub), enable SSL/TLS client and server authentication by configuring the following tags inside the adocs.config file (see highlighted items):

[Screenshot: adocs.config with the SSL/TLS client and server authentication tags highlighted]

User Interface

Once configured, the Register and Login pages work differently. Before logging in you need to register with your SSL/TLS client certificate. Accessing the registration page shows the following screen:

[Screenshot: registration page]

As you can see, the registration page is different: you cannot edit your email address (it is taken directly from your SSL/TLS client certificate) and there are no password fields. Once registered successfully, the user gets an activation email as normal and, on activating, is shown the welcome screen.

[Screenshot: welcome screen]

If your SSL/TLS authentication certificate is about to expire (every digital certificate has a validity period, normally 1 year), a warning message is shown at login time, suggesting that you re-register with a newly issued certificate.

[Screenshot: certificate expiry warning at login]

The administrator can configure how many days before expiry these alerts are shown to the user. Once your SSL/TLS client certificate has expired, it can no longer be used. You can, however, register a new certificate that has been issued to you by your administrator.
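The behaviour described above (email address taken from the certificate, a warning inside a configurable window before expiry, refusal after expiry) can be sketched as follows. This is an added example, not SigningHub or Ascertia Docs code: `warn_days`, the status names and the sample certificate are assumptions, the certificate is in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`, and chain validation is assumed to have been done by the TLS layer.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample, in the dict format of ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "Alice Example"),),
                (("emailAddress", "Alice@Example.com"),)),
    "subjectAltName": (("email", "alice@example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def cert_email(cert):
    """E-mail bound into the certificate: subjectAltName first, then subject DN."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "email":
            return value.lower()
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == "emailAddress":
                return value.lower()
    return None

def check_client_cert(cert, warn_days, now=None):
    """Return (status, email, days_left) for an already chain-verified certificate.

    status is 'ok', 'expiring' (inside the warning window), 'expired',
    'not_yet_valid' or 'no_email'. warn_days stands in for the hypothetical
    administrator setting that controls how early the warning starts.
    """
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    email = cert_email(cert)
    if email is None:
        return ("no_email", None, None)       # nothing to bind the account to
    if now_ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        return ("not_yet_valid", email, None)
    seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - now_ts
    if seconds_left <= 0:
        return ("expired", email, 0)          # refuse login; a new cert must be registered
    days_left = int(seconds_left // 86400)
    if days_left <= warn_days:
        return ("expiring", email, days_left) # allow login, show the warning
    return ("ok", email, days_left)
```

Pass a timezone-aware `now` when testing; without it the current UTC time is used.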

For further details on having SigningHub installed in-house, contact us and we will be happy to provide the full product on a free trial basis.

It’s that simple. Happy signing!

Topics: SSL Client, Secure, SSL Server, Authentication, Ascertia Docs, TLS
