Re: Certificate Server vs Verisign, Thawte Certificates

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Fri, 20 Dec 2002 06:25:40 -0500


Entrust.net certs for, say, web servers are about a third of the price of
Verisign certs, like $120 / year [even though Entrust is now owned by
Verisign, and the certs are linked / trusted up the chain to Verisign].
There are even cheaper certs, but I understand you start getting issues of
certain clients not trusting them without adding the CA to each client.

Also, all those hoops are sort of necessary to hopefully prevent someone
from buying a cert proving that they are you. I personally don't think
buying a cert is all that painful and is probably not any harder than
generating your own.

Using a Microsoft cert server could probably save you money, but is probably
not for every purpose, because as you may already know, you either need to
be able to modify every client so that it trusts your CA [which is probably
not easy if you have anonymous users on the internet] or a CA that trusts
your server. I believe you may be able to pay companies like Verisign so
that your root cert server can be verified by them, but again you're talking
money.

"Anthony J Biondo Jr" <niceguyinphilly@yahoo.com> wrote in message
news:06b901c2a79a$12eba330$89f82ecf@TK2MSFTNGXA01...
> Hi, I wanted to ask and see if anyone in the IT or
> Healthcare industry can give me some insight with this
> question. I think it would be more cost effective to
> generate certificates in-house instead of constantly
> buying new certificates from outside vendors such as
> Verisign. I know that Verisign and other companies make
> you go through a lot of hoops to get certificates, and
> that it's not always a smooth process. Can anyone give me
> their opinions and experience using certificate server,
> and any pros and cons they think of. My goal here is to
> save the money we spend for certs, while not compromising
> secure access and user trust in our security.
>
> Thanks much,
> Anthony
>
> P.S. Does Microsoft have any comparisons that they have
> done on this topic?
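
Added example, not part of the original thread: the trust issue discussed above, shown with the OpenSSL command line. A certificate issued by an in-house CA fails verification on a client that only has its stock trust store and passes once that client is given the CA certificate. The names "Example In-House CA" and "www.example.test" are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: in-house CA vs. an unmodified client trust store.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_inhouse_ca() {
    # Self-signed root certificate: this is the in-house CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example In-House CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_server_cert() {
    # Key and signing request for the web server ...
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null || return 1
    # ... signed by the in-house CA instead of a commercial one.
    openssl x509 -req -in "$WORK/srv.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/srv.pem" 2>/dev/null
}

client_trusts() {
    # With no argument: verify against the system's default trust store,
    # i.e. a client that has not been modified.
    # With a CA file: a client that has had the in-house CA added.
    if [ -n "${1:-}" ]; then
        openssl verify -CAfile "$1" "$WORK/srv.pem" >/dev/null 2>&1
    else
        openssl verify "$WORK/srv.pem" >/dev/null 2>&1
    fi
}

make_inhouse_ca && issue_server_cert || exit 1

if client_trusts; then
    echo "unmodified client: certificate trusted"
else
    echo "unmodified client: certificate NOT trusted"
fi

if client_trusts "$WORK/ca.pem"; then
    echo "client with in-house CA installed: certificate trusted"
else
    echo "client with in-house CA installed: certificate NOT trusted"
fi
```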


