RE: CA certificate

From: martinsmonline@microsoft.com (Martin Smith)
Date: Wed, 17 Jul 2002 20:30:17 GMT


Hi,

This is all a touch confusing so hopefully this is what you are looking for:

When a certificate authority such as Verisign signs a "server's certificate
request" from a customer, this validates the customer's identity. So when a
client such as IE connects to the web server using SSL, the client can be
assured that the server is who it states that it is.

The client must also trust the certificate authority (Verisign) that
signed the "server's certificate request". This is where the certificate
authorities that are shipped with the browser come in. IE ships with
Verisign certificate authorities.

If IE does not have an authority which trusts the issuing certificate
authority, IE will pop up a dialog box on the client stating that this
certificate is an untrusted certificate and will give the user an option to
continue into the site or not. As far as I know there is no way to disable this
dialog box and I would highly recommend that you don't ever disable this if
it is possible.

If you are issuing your own certificates and your clients do not have a
certificate authority that recognizes your certificate server as a trusted
certificate authority, then your clients will receive the dialog box.

Thanks,
Martin

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
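
The trust decision described in the reply above, reproduced with the OpenSSL command line as an added example (not part of the original posting): a server certificate signed by a private CA is checked against a trust store as shipped, then against one where the private CA certificate has been installed. All subject names and file names are constructed placeholders, and `openssl verify` stands in for the browser's check.

```shell
#!/bin/sh
# Constructed demo: all names, subjects and file names below are placeholders.
set -eu

new_root() {   # $1 = file prefix, $2 = subject CN; writes a self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_demo_pki() {   # $1 = work directory
    # Stand-in for a root that ships with the browser.
    new_root "$1/shipped_root" "Constructed Shipped Root"
    # The organisation's own certificate server.
    new_root "$1/private_ca" "Constructed Private CA"
    # The web server's certificate request ...
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # ... signed by the private CA.
    openssl x509 -req -in "$1/server.csr" -days 30 \
        -CA "$1/private_ca.crt" -CAkey "$1/private_ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
    # Two client trust stores: as shipped, and after installing the private CA.
    cp "$1/shipped_root.crt" "$1/store_shipped.pem"
    cat "$1/shipped_root.crt" "$1/private_ca.crt" > "$1/store_with_private_ca.pem"
}

is_trusted() {   # $1 = trust store (PEM bundle), $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"
for store in store_shipped.pem store_with_private_ca.pem; do
    if is_trusted "$work/$store" "$work/server.crt"; then
        echo "$store: issuer trusted, no warning"
    else
        echo "$store: issuer not trusted, client would warn"
    fi
done
```

Only the contents of the trust store differ between the two checks; the server certificate and its signature are identical in both.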

----------------------------------------------------------------------------
From: kkiran@maxis.com.my (Kiran Kumar)
Newsgroups: microsoft.public.inetserver.iis.security
Subject: CA certificate
Date: 16 Jul 2002 21:33:42 -0700
Message-ID: <40907d23.0207162033.6d76645e@posting.google.com>

Hi,

In some article, it is mentioned that "CA certificates come
pre-installed on most popular web browsers, including those from
Microsoft and Netscape".

Right now we are installing a CA certificate at the client side with a 3
year expiration period. Can I eliminate this process, because all our
users are using Internet Explorer 5.0?

If we don't issue a CA certificate, is my client browser still able to
authenticate and validate my web server certificate?

regards,
Kiran

----------------------------------------------------------------------------
From: "Ken Schaefer" <kenRMV@THISadOpenStatic.com>
References: <40907d23.0207162033.6d76645e@posting.google.com>
Subject: Re: CA certificate
Date: Wed, 17 Jul 2002 16:45:35 +1000
Message-ID: <e$MPw1VLCHA.2608@tkmsftngp11>
Newsgroups: microsoft.public.inetserver.iis.security

The CA certificates mentioned are for authorities like Verisign, Thawte, etc.

Cheers
Ken

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Kiran Kumar" <kkiran@maxis.com.my> wrote in message
news:40907d23.0207162033.6d76645e@posting.google.com...
> Hi,
>
> In some article, it is mentioned that "CA certificates come
> pre-installed on most popular web browsers, including those from
> Microsoft and Netscape".
>
> Right now we are installing a CA certificate at the client side with a 3
> year expiration period. Can I eliminate this process, because all our
> users are using Internet Explorer 5.0?
>
> If we don't issue a CA certificate, is my client browser still able to
> authenticate and validate my web server certificate?
>
> regards,
> Kiran

