Re: SSL and certificates
From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: Wed, 24 Dec 2003 20:54:43 GMT
In article <firstname.lastname@example.org>, "Kevin"
>Are client certificates necessary for SSL or just server
Just a server certificate. However...
>The Microsoft help for setting up SSL takes you through
>creating a server root certificate and another server
>certificate and then installing each on all of the
The client needs to have some way to believe that the server's certificate
is genuine. It does that either by trusting the server's certificate, or
one of the certificates that were used to sign the server's certificate.
This is where installing the certificates comes in - your client only trusts
those certificates that it has been told to trust. Internet Explorer ships
with a few certificates already described as "trusted" - these are generally
root certification authorities, and IE will implicitly trust any server that
presents a certificate signed by one of these Trusted Roots.
To get your server certificate trusted by a client's installation of IE, you
have to do one of the following:
1. Get your certificate from a CA that is already a trusted root at the
client's IE installation.
2. Have the client install your server's certificate as trusted.
3. Have the client install as trusted the certificate from the CA that
issued your server's certificate.
[Please don't email posters, if a Usenet response is appropriate.]
-- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | email@example.com. Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.