Hosting Provided By

Re: CA-SSL in IIS

From: Anthony Kim <Anthony.Kim(at)VWCREDIT.COM>
Date: Tue Jul 15 2003 - 12:26:01 EDT

On Tue, Jul 15, 2003, Ed Sunder wrote:

> What drawbacks are there in becoming your own certificate

You need to maintain a strict security support structure to protect your certifice service servers, root CAs, intermediary CAs and so forth. ISS wrote up some guidelines in their MS Press Windows 2000 Security Technical Reference. In theory. People producing their own X.509 certs for private use seldom take such measures. But at the end of the day, how much you effort you should make depends on your security requirements.

You need to distribute your root CA certficate to your users' browsers - so they aren't faced with the "This cert is not signed by a valid CA" warning. But this can be accomplished via Group Policy IIRC.

Otherwise, private CA's are pretty common I reckon.

Received on Tue Jul 15 14:28:23 2003

This message: [ Message body ]
Next message: CORREIA, PATRICK: "RE: CA-SSL in IIS"
In reply to: Ed Sunder: "RE: CA-SSL in IIS"
In reply to Larry Seltzer: "RE: CA-SSL in IIS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT