How do you verify client certificate authentication?

As I can read in some of the posts here (e.g. here), you have to check the certificate and the hostname/domain name of the client, then compare those to what you know to be true or not true.

How can you do that? Should I run a local DNS that only answers the querying and returning from a list of certificates from a trusted certificate authority? Or how would you actually do this?

Answer:

If you want to verify that an SSL handshake was successful, one approach is to check the handshake parameters. This is an incomplete list, so if you have a list of known issues then it should do for starters:

- Client cert
- Certificate fingerprint
- Certificate common name
- Certificate issuer's certificate Common Name (see RFC 5280, section 4.1.2)

Of course, you may also want to verify:

- The certificate chain
- The client certificate expiration date
- The TLS version used, so you'd know if the client used the latest protocol
- The client's IP address

You then ask the DNS to return any information related to the site, such as A records, and compare the contents to information you're expecting. It sounds like you're describing a self-service-style approach. You would need to create a database that would track all the information you expect to find. It could be as simple as using MySQL with a customised CREATE TABLE statement.
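As an added example that is not part of this question or answer, the following Go program uses only the standard library to run the checks the answer lists on a presented client certificate: chain to a trusted CA, validity period, client-auth key usage, issuer Common Name and a fingerprint pin. To run offline it builds a throwaway CA and client certificate in memory; the names "Example Internal CA" and "client-42" are made up. In a real server the CA bundle would come from disk and the client certificate from the TLS handshake (for example `tls.ConnectionState.PeerCertificates`).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint returns the hex SHA-256 fingerprint of the DER-encoded certificate,
// the value you would store in the "expected" database the answer mentions.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// VerifyClientCert applies the answer's checks: chain to a trusted CA, validity
// at `now`, client-auth extended key usage, issuer Common Name and, when
// pinnedFP is non-empty, a fingerprint pin. It returns nil only if all pass.
func VerifyClientCert(cert *x509.Certificate, roots *x509.CertPool, now time.Time, wantIssuerCN, pinnedFP string) error {
	opts := x509.VerifyOptions{
		Roots:       roots,                                          // only CAs trusted for client auth
		CurrentTime: now,                                            // NotBefore/NotAfter checked against this
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // reject certs not issued for client auth
	}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain/validity: %w", err)
	}
	if cert.Issuer.CommonName != wantIssuerCN {
		return fmt.Errorf("issuer CN %q, want %q", cert.Issuer.CommonName, wantIssuerCN)
	}
	if pinnedFP != "" && Fingerprint(cert) != pinnedFP {
		return fmt.Errorf("fingerprint %s does not match pin", Fingerprint(cert))
	}
	return nil
}

// issue signs tmpl with signer; parent == nil produces a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildTestPKI creates an in-memory CA and one client certificate. This is
// constructed sample data so the example runs without any files or network.
func BuildTestPKI() (clientCert *x509.Certificate, roots *x509.CertPool, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Internal CA"}, // hypothetical CA name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, err := issue(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	clientTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "client-42"}, // hypothetical client identity
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour), // short-lived so the expiry check can be shown
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if clientCert, err = issue(clientTmpl, ca, &clientKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return clientCert, roots, nil
}

func main() {
	cert, roots, err := BuildTestPKI()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	fmt.Println("valid now:      ", VerifyClientCert(cert, roots, now, "Example Internal CA", Fingerprint(cert)))
	fmt.Println("wrong issuer CN:", VerifyClientCert(cert, roots, now, "Some Other CA", ""))
	fmt.Println("after expiry:   ", VerifyClientCert(cert, roots, now.Add(2*time.Hour), "Example Internal CA", ""))
	fmt.Println("untrusted CA:   ", VerifyClientCert(cert, x509.NewCertPool(), now, "Example Internal CA", ""))
}
```

Note that `cert.Verify` already covers the chain, signature and expiration checks from the answer's list in one call; the issuer CN and fingerprint comparisons are the "compare to what you know to be true" step, with the expected values coming from whatever store you keep them in.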
