If you are using client certificate authentication, limit the certificates in the certificate store

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you are using certificate authentication, consider reducing the attack surface by limiting the certificates in the certificate store.
  • Delete from the trusted root certification authorities store every root certificate that is not required to authenticate your clients. Under chain trust, any client certificate that chains to any root in that store passes validation, so each unnecessary root broadens the set of clients the service will accept. Remember that the machine's root store is shared with every other application on the server, so remove only roots that nothing else on the host relies on.
  • If your client base is large, consider using chain trust validation instead of peer trust, so that you manage a small number of issuing CA certificates rather than one certificate per client.
  • If your client base is small, consider using peer trust validation. This requires that you manage one certificate per user: each client's certificate must be installed in the trusted people store, and any client whose certificate is not in that store is denied access to the service.
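
The following PowerShell script is an added example, not part of the original guidance, that puts the three recommendations above into practice on the server's LocalMachine stores: it audits the Trusted Root store against an allowlist of the CA thumbprints that actually issue your client certificates, removes the surplus roots only after a dry run, and imports individual client certificates into the Trusted People store for peer trust. The thumbprint value and the `.cer` path are placeholders you must replace with your own; it assumes the PKI module's `Import-Certificate` cmdlet is available and that the script runs elevated.

```powershell
# Added example (not from the original guidance). Assumes an elevated session on the
# service host and the PKI module (Import-Certificate). Thumbprints and paths are placeholders.

# Roots of the CA(s) that issue your clients' certificates. Everything else is surplus.
$RequiredRootThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder: replace with your issuing root's thumbprint
)

function Get-UnneededRootCertificates {
    # Returns each certificate in LocalMachine\Root whose thumbprint is not on the allowlist.
    param([Parameter(Mandatory)][string[]]$Allowed)
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $Allowed -notcontains $_.Thumbprint }
}

function Remove-UnneededRootCertificates {
    # Removes the surplus roots. Supports -WhatIf so the removal list can be reviewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string[]]$Allowed)
    foreach ($cert in (Get-UnneededRootCertificates -Allowed $Allowed)) {
        if ($PSCmdlet.ShouldProcess($cert.Subject, 'Remove from Cert:\LocalMachine\Root')) {
            Remove-Item -Path $cert.PSPath
        }
    }
}

function Add-TrustedPeerCertificate {
    # Peer trust: import one client's public certificate (.cer, no private key) into
    # LocalMachine\TrustedPeople. Under PeerTrust only certificates in this store are accepted.
    param([Parameter(Mandatory)][string]$CerPath)
    Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\TrustedPeople
}

# 1. Dry run: list the roots that would be removed and check nothing else on the host needs them.
Remove-UnneededRootCertificates -Allowed $RequiredRootThumbprints -WhatIf

# 2. Once the list is right, run it for real:
# Remove-UnneededRootCertificates -Allowed $RequiredRootThumbprints

# 3. For a small client base (peer trust), stage each client's certificate:
# Add-TrustedPeerCertificate -CerPath 'C:\certs\client-alice.cer'   # placeholder path
```

Two caveats when using this. First, the server side must actually be configured for the mode you chose; in a WCF service that is the `certificateValidationMode` attribute (`ChainTrust` or `PeerTrust`) on the `serviceCredentials/clientCertificate/authentication` element, otherwise trimming the stores changes nothing about which clients are accepted. Second, Windows can silently repopulate well-known roots through Automatic Root Certificates Update, so on a host where you rely on a minimal root store, disable that update via policy and re-run the dry run periodically to confirm the store has not grown back.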

Last edited Jun 12, 2008 at 9:49 PM by prashantbansode, version 1
