Re: Convert Self-Signed Certificate?

No. That would in fact make you a competitor of Verisign and would extend
their reputation to anything that you do (because the certificate chain
traces back to them as the final authority).

Extreme example: If this were allowed, you could put up a CA on the Internet
and allow anyone to create a certificate by themselves without paying anyone
any money.

The value of a trusted third party certificate authority is that they are
supposed to investigate and confirm that you are really you before you are
issued a certificate.

Ray

"lucius" <lucius@xxxxxxxxxxxxxxxx> wrote in message
news:nne513hc6vc2j47amt7mla0d66idk8k211@xxxxxxxxxx

this is for publically-accessible sites. The root cert that is
installed on several hosts is self-signed. I was under the impression
that the same CA cert could be verified/signed by Verisign or
equivalent. That way the "chain of trust" would be "extended" by
having the root CA actually verified by Verisign or equivalent.


On Tue, 3 Apr 2007 11:56:01 -0700, Mike002
<Mike002@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I don't understand your point... do you want to be a trusted third party
or a
certificte authority??!!

- the point of creating a MS Certificate Server is to give you PKI
functionality, so that you can issue, manage, and revoke PKCs.
- to do that, you need to get a cert that is signed by a trusted party
like
VeriSign, so others can trust you in return. and then you can use this
"trusted cert" as a root certificate for your CA to sign other certs.
- plus, you didn't answer Ray's question: is it for public or local
network
use?

HTH

"lucius" wrote:



.

Relevant Pages

  • Re: Newbie wants to learn about PKI Server 2003......
    ... 2003 PKI Certificate Security", and have been lurking here for a bit. ... We will implement a 2 tier heirarchy, with the Root CA being offline. ... All clients that attempt revocation checking will first attempt to retrieve the CRL from the ... level below a self-signed cert, so applications that are 3280 compliant would never check the ...
    (microsoft.public.windows.server.security)
  • Re: Change validatiy period of a Root certificate
    ... should not have either an AIA or a CDP URL in it" But when I go to install ... my subordinate stand alone CA it asks me for a Root CA to get it's cert from. ... I picks up my newly created standalone Root CA. ... certificate, copying the certificate to removable media and then installing ...
    (microsoft.public.security)
  • Re: Schannel CertificateChainValidation failing
    ... I am not fully up to speed with certs (root, end entity, ... valid Windows trusted root cert. ... You've enabled certificate revocation checking, and the validation code ...
    (microsoft.public.platformsdk.security)
  • Re: Smart Card Logon
    ... Is the root CA issuing the EE certs? ... The issuing CA cert goes in the NTAUTH ... > 2) Created a certificate trust list for it. ... > and validated the third party smart card logon certificate ...
    (microsoft.public.win2000.security)
  • Re: WM5 PEAP with Certificates
    ... to connect to our wireless with my Axim x51v. ... in the trusted root certificate area. ... EAP/TLS and you do need a user and root cert on the device. ...
    (microsoft.public.pocketpc.wireless)
Loading