Re: SSL and certificates

From: Keith W. McCammon (km_at_km.com)
Date: 12/09/03 

Date: Tue, 9 Dec 2003 12:42:42 -0500

Unless you want everyone to get an annoying warning every time they visit
your site, yes. It's actually not that bad, though. You can push it out
via SMS, or have them download an auto-installing file from a web site.

"Kevin" <anonymous@discussions.microsoft.com> wrote in message
news:00f101c3be75$056d0df0$a301280a@phx.gbl...
> So, I guess if you create your own certificates, then you
> have to perform an extra step of deploying them on all of
> the clients that might access your site?
>
> >-----Original Message-----
> >Only a server certificate is required. The client
> should have the root
> >certificate of the issuing CA installed, but in most
> cases (I.e., public
> >sites with certificates issued by Verisign, Entrust,
> etc.) this is already
> >done, so many folks simply assume that this step doesn't
> exist.
> >
> >"Kevin" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:0f9a01c3be60$ed204a00$a101280a@phx.gbl...
> >> Are client certificates necessary for SSL or just
> server
> >> certificates?
> >>
> >> The Microsoft help for setting up SSL takes you through
> >> creating a server root certificate and another server
> >> certificate and then installing each on all of the
> >> clients. But other documentation that I have read
> >> suggests that SSL only needs server certificates and
> that
> >> client certificates are only needed for certificate
> >> authentication. I want to use forms authentication and
> >> don't won't to force our customers to deploy client
> >> certificates if they don't have too.
> >
> >
> >.
> >

Relevant Pages

  • Re: Certificate Services - What is it?
    ... So for uncontrolled crowd e.g. clients it makes sense to use a commercial CA ... Two thing to be awaare of: hand-made certificates offer exactly the same ... > authenticate the server to the user and to authenticate the user to the ...
    (microsoft.public.security)
  • Re: message encryption
    ... To answer your question, On why its implicit in nature, take the example of transport dependent message integrity here the certificate is assumed to be issued to the server of the same name as the hostname of the endpoint you're hitting. ... The clients are on the intranet. ... refering to public key you are using PKI (X509 ... certificates on the server using the MMC plug-in for certificates. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Commercial Certificate
    ... the 'clients' are actually internal SOAP services communicating ... I'll never have outside clients contacting the SOAP ... > Do you NEED certificates on all of the clients? ... > The most common scenario is to get a web server certificate. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Enterprise CA and RADIUS authentication
    ... RADIUS on Win 2K server - Isn't it? ... ALL I need is to authenticate the wireless clients ONLY. ... > templates and autoenrollment for both user and computer certificates for XP ...
    (microsoft.public.win2000.security)
  • Re: Certificates trouble: CRL not available(?) and "revocation server offline" error
    ... CRLs are published by CAs to the CDP locations ... Clients obtain EFS certificates from EntIssuing CA ...
    (microsoft.public.windows.server.security)