Machine (computer) authentication supported?


agillis

Posts: 2
Joined: Sat May 29, 2021 5:26 am

Post by agillis » Sat May 29, 2021 5:58 am
Hi all,

Does Viscosity support Windows "machine authentication" (a.k.a. computer authentication)?
Machine authentication uses a machine certificate (in kernel mode) to authenticate the endpoint.
The docs mention user authentication, which is quite different since it makes use of a user certificate (in user mode).

Thank you,
Amos

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon May 31, 2021 8:13 am
Hi Amos,

The closest thing to this would be the cryptoapicert command which allows you to use certificates/keys in the Windows certificate manager/keystore.

https://sparklabs.com/support/kb/articl ... ptoapicert

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Post by agillis » Tue Jun 01, 2021 12:40 am
Thank you Eric for your swift reply.

I think cryptoapicert would work, depending on the privileges of the invoking process.
Normal users have no rights to access "machine" (a.k.a. "computer") certificates/keys.
Solutions like Citrix Gateway can use machine certificates for authentication because they rely on a system service.
So I guess my question should be "does Viscosity rely on a service running with system privileges?".

Best regards,
Amos

Post by Eric » Wed Jun 02, 2021 7:53 am
Hi Amos,

Viscosity relies on a service running with elevated privileges to handle tasks that require elevation like setting up networking. The service can be changed to run as any user you like though other than Builtin System if you wish, as long as that user has access to do things like create PnP drivers and set up networks.

In regards to cryptoapicert, Viscosity will search the machine store first, and if no match is found, will fall back to the local user's store.

Viscosity has a built-in 30 day trial so feel free to test Viscosity out and see if it suits your needs.

Regards,
Eric
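An added example, not part of the original thread and not Viscosity's own code: a PowerShell check to run under the account the VPN service uses. It looks for a certificate in the machine store first and then the current user's store (the order described in the reply above) and reports whether that account can actually open the private key. The `-Thumbprint` parameter and the `Test-PrivateKeyAccess` function name are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run as the account the VPN service runs under.
# -Thumbprint is the certificate thumbprint, e.g. the value an OpenVPN config
# would reference with: cryptoapicert "THUMB:<thumbprint>"
param(
    [Parameter(Mandatory)][string]$Thumbprint
)

function Test-PrivateKeyAccess {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'no private key associated' }
    try {
        # Acquiring the key handle is the step that fails when the calling
        # account has no read permission on the machine key.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($null -eq $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert)
        }
        if ($null -eq $key) { return 'unsupported key type' }
        $key.Dispose()
        return 'accessible'
    } catch {
        return "not accessible: $($_.Exception.GetBaseException().Message)"
    }
}

# Strip spaces and separators so a thumbprint pasted from the certificate UI matches.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Lookup order as described in the thread: machine store, then user store.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'
$found = $false
foreach ($store in $stores) {
    $cert = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    if ($cert) {
        $found = $true
        [pscustomobject]@{
            Store      = $store
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            RunningAs  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
            PrivateKey = Test-PrivateKeyAccess -Cert $cert
        }
        break   # first match wins, so a machine-store hit hides a user-store copy
    }
}
if (-not $found) { Write-Warning "No certificate with thumbprint $clean in $($stores -join ' or ')" }
```

A result of `not accessible` for a `Cert:\LocalMachine\My` match run as a standard user, and `accessible` when run as the service account, is the privilege difference discussed in the thread.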