Ed Shryane
Ed Shryane
@Gunni We didn't have time to add this feature to Whois 1.97.1, but we still plan to implement it. I will have an update for the DB-WG session at RIPE80...
@Gunni We've merged initial support for this feature. We will include the change in the Whois 1.97.2 release, but it will be turned off in production for now, until the...
Hi @daniel-brenot @Gunni We have implemented this feature, but we haven't enabled in production yet. We are planning to do a security review, and we are now also replacing our...
Hi @Gunni We plan to initially enable it in the Release Candidate environment, but we're going to wait until we switch the proxy layer from httpd to F5, hopefully we'll...
Hi @Gunni I went ahead and enabled client certificate authentication in Release Candidate, so feel free to test: https://www.ripe.net/manage-ips-and-asns/db/release-notes/rc-release-candidate-environment You'll need to generate a key-pair, then create a keycert object...
The whois code changes are in #637
Hi @Gunni Thanks for testing! Good to hear it's working for you. We haven't implemented client certificate authentication for reads yet (GET requests), only for updates (POST, PUT, DELETE). We...
Hi @Gunni this feature is still on our list, we had some problems making it *optional* with the F5 loadbalancer we're currently using. We plan now to move HTTPS support...
Hi @Gunni Happy New Year. Yes I presented on client certificate authentication at RIPE87 in Rome: https://ripe87.ripe.net/programme/meeting-plan/db-wg/ We've implemented Client Certificate authentication together with backend HTTPS in the Whois 1.109...
Hi @Gunni I've documented how to use Client Certificate Authentication in the DB documentation with an example: https://apps.db.ripe.net/docs/Appendices/Appendix-I--Client-Certificate-Authentication/ Use the host name `rest-cert.db.ripe.net` instead of `rest.db.ripe.net`, we separated the service...