How to bind a client to an environment in 2-way SSL

Discussion in 'other security issues & news' started by aravinda777, Feb 8, 2010.

    aravinda777 Registered Member

    Feb 8, 2010

    I am working on an application which operates on 2-way SSL. The server and client components communicate over a secure channel. Right now the certificates are self-signed.

    I need to find a way by which I can ensure that the client is authentic. Although I may issue individual certificates for clients, if someone gets hold of the certificate he can still communicate with the server irrespective of the location/environment. For example, I need to ensure that the client we have given to Company A is usable only from Company A.

    Is there any way by which we can bind a domain or IP range to SSL? What are the options I have? Am I missing something trivial?
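
One way to enforce the binding asked about above is an application-level check that runs after the TLS handshake. This is an added example, not part of the original post. The policy table, certificate names and address ranges are constructed placeholders, and the certificate dict is assumed to have the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed policy: certificate common name -> networks it may connect from.
# Names and ranges are placeholders (documentation address space).
POLICY = {
    "client.company-a.example": ["192.0.2.0/24", "2001:db8:a::/48"],
    "client.company-b.example": ["198.51.100.16/28"],
}


def common_name(peer_cert):
    """Return the subject commonName from a getpeercert()-style dict, or None."""
    # getpeercert() yields None (no cert) or {} (cert not validated): treat both as empty.
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def client_allowed(peer_cert, peer_ip, policy=POLICY):
    """True only if the certificate's CN is enrolled AND the connection's
    source address lies inside a network registered for that CN."""
    cn = common_name(peer_cert)
    if cn is None or cn not in policy:
        return False  # no certificate, or certificate not enrolled
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable address: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Membership is simply False when address and network IP versions differ.
    return any(addr in ipaddress.ip_network(net) for net in policy[cn])


if __name__ == "__main__":
    # Constructed certificate subject, as getpeercert() would present it.
    cert_a = {"subject": ((("organizationName", "Company A"),),
                          (("commonName", "client.company-a.example"),))}
    print(client_allowed(cert_a, "192.0.2.44"))     # inside Company A's range
    print(client_allowed(cert_a, "198.51.100.20"))  # same cert, other network
```

The check is only meaningful when the server has already required and verified the client certificate (`ssl.CERT_REQUIRED`), and `peer_ip` must be the address the server itself observes on the socket. Behind NAT or a proxy that address is the gateway's, so the registered ranges have to be the customer's egress addresses.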

