Re: Certificate Services - What is it?

From: Mark Gamache (mark.gamache_at_css-security.com.nospam)
Date: 02/23/05


Date: Tue, 22 Feb 2005 16:20:06 -0800

Are you looking to get strong authentication of the clients or just protect
the data flow? SSL does require certificates, but this doesn't mean you
need to run a certificate authority.  You can buy the certificates from
someone like Geotrust. The certs can be used to protect the data session,
authenticate the server to the user and to authenticate the user to the
server.

Depending on what you are looking to do, you may only need two certs. If
you are just protecting the session and not even interested in letting the
clients verify the authenticity of the server, you can use MS tools or
OpenSSL to create self-signed certs.  If you want to authenticate the server
to the clients, you will want certs that are chained (signed by) to a
trusted root CA.  If you want the server to validate the users by
certificates then each client needs a certificate.  Many sites use SSL to
authenticate the server and then protect the user's authentication method
(i.e. Forms).  If you do use client certs, an MS CA is a great way to go.

Cheers,

-- 
Mark Gamache
Certified Security Solutions
http://www.css-security.com
"Frank Pinto" <Frank Pinto@discussions.microsoft.com> wrote in message 
news:3D20D5A9-1E38-4A79-AAFE-15D1B93615DE@microsoft.com...
> I would like to use ssl to secure an extranet website.  Do I need to run
> Certificate Services?  I want to secure a couple websites actually.  A
> client site and an employee site.
>
> Can anyone shed light on this?
>
> Thanks,
> Frank Pinto 
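
The three certificate cases in the reply above, as an added example that is not part of the original post: a self-signed server cert, a server cert chained to a root CA, and a client cert issued by that CA, each checked against the root with `openssl verify`. It assumes the OpenSSL command-line tool with its default configuration; OpenSSL stands in here for whichever CA you use, and the names `Demo Root CA`, `extranet.example.test` and `demo-user` are constructed.

```shell
#!/bin/sh
# Added example; all subject names below are constructed for the demo.

# issue_signed DIR NAME CN: make a key and CSR for CN, then sign it with DIR/ca.key
issue_signed() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

make_demo_pki() {
  d=$1
  # Private root CA (the role a commercial CA or an MS CA would play)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Case 1: self-signed server cert, protects the session only
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=extranet.example.test" \
    -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
  # Case 2: server cert chained to the root, lets clients authenticate the server
  issue_signed "$d" server extranet.example.test || return 1
  # Case 3: client cert from the same CA, lets the server authenticate the user
  issue_signed "$d" client demo-user
}

# chains_to_root CAFILE CERT: succeeds only if CERT validates against CAFILE
chains_to_root() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  for c in self server client; do
    if chains_to_root "$d/ca.crt" "$d/$c.crt"; then
      echo "$c.crt: chains to Demo Root CA"
    else
      echo "$c.crt: not trusted by Demo Root CA"
    fi
  done
  rm -rf "$d"
}
demo
```

The self-signed cert still encrypts the session, but a verifier that trusts only the root rejects it, which is the difference between cases 1 and 2 in the reply.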

