Client Certificates in Vault

ggaudet · Post by **ggaudet** » Wed Sep 08, 2004 6:52 am

Hi,

I am having trouble finding out if vault can use client certificates (via IIS making client certificates mandatory). And if Vault does support this, which version did it start to do so?

Gavin.

ggaudet · Post by **ggaudet** » Wed Sep 08, 2004 7:18 am

Forgot to add our current server/Vault setup:

Vault 2.0.3 (clients and server)
Win Server 2003 Standard Edition (IIS 6.0)

We plan to upgrade to 2.0.7 within a few days.

Gavin.

Post by **jeremy_sg** » Wed Sep 08, 2004 9:44 am

Vault hasn't added any specific support for Client Certificates. We would like to in the future. I'll note that you requested this in our internal bug tracking.

ggaudet · Post by **ggaudet** » Thu Sep 09, 2004 1:15 am

Just to clarify, when you say that

jeremy_sg wrote:Vault hasn't added any specific support for Client Certificates.

you mean that Vault will not work with client certificates, or that it does, but Vault doesn't do anything additional with it (like notify the user about using CCs)??

Gavin.

Post by **jeremy_sg** » Thu Sep 09, 2004 7:08 am

I was being intentionally vague. If there were a way to have IE send a client certificate, then it's possible that Vault would also send the client certificate. I haven't fully studied all of the ways to include client certificates, so I can't say it is possible or not possible. What I can say, is that there is currently no code in Vault to choose client certificates to send. This is a problem that I want to solve in the future, but it's not going to make it into the 2.1 release.

-Jeremy

jerwin · Post by **jerwin** » Tue Aug 28, 2007 8:57 am

I see this was a topic all the way back in 2004. I am hopeful that this has been implemented and I'm just not seeing how to configure Vault client to use client certificates. This would be a big benefit to our source control infrastructure security.

What is the status of client certificates in Vault client. We currently have over 20 client licenses for Vault 4.x.

regards,

JE

Post by **jeremy_sg** » Tue Aug 28, 2007 9:00 am

This is indeed a very long standing request, but hasn't yet made it in to the product. I'm sorry to disappoint you.

jerwin · Post by **jerwin** » Tue Aug 28, 2007 9:09 am

First, just let me say that we love Vault, and even though as a Microsoft Certified Gold Partner we have the opportunity to use TFS for source control free of charge (beyond our partner fees) we have chosen to continue to use and support Vault.

I've implemented client certificate support in several web service clients I've worked on over the last two years and yes, while it would take some effort, it's not exactly rocket science either. Is there any chance we might see this support soon?

If not, is there a way to "hook" into the client so I could implement this myself? If so, could you point me in the right direction to documentation on how I would approach this from a vault client standpoint?

regards,

JE

Post by **jeremy_sg** » Tue Aug 28, 2007 2:09 pm

Unfortunately, there's no way that you could hook in to do this that I know of. My only defense for our lack of progress on this feature is that there have been less than a handful of requests for it in all of the time that Vault has been around.

jerwin · Post by **jerwin** » Wed Aug 29, 2007 8:31 am

jeremy_sg wrote:Unfortunately, there's no way that you could hook in to do this that I know of. My only defense for our lack of progress on this feature is that there have been less than a handful of requests for it in all of the time that Vault has been around.

This indeed is a shame. While this does make my job more difficult at this point, I understand the economics. I'm starting another thread asking about other possible avenues to support the kind of network security configuration we're seeking for vault.

Also, I do appreciate the very prompt response to my posts.

JE

SourceGear Support

Client Certificates in Vault

Client Certificates in Vault

Any news on support for client certifcates in vault client?