Re: Certificate Services - What is it?
From: S. Pidgorny
Date: 02/23/05
- In reply to: Mark Gamache: "Re: Certificate Services - What is it?"
Date: Wed, 23 Feb 2005 19:21:48 +1100
An important thing to mention is CA trust: if one implements their own CA to
facilitate secure Web communication, all clients need to trust the CA. By
default, most browsers allow connecting to sites that use certificates from an
untrusted CA - but the warning dialog box is at least a nuisance. However,
some enterprises restrict Web trust with security policies.
So for an uncontrolled crowd, e.g. clients, it makes sense to use a commercial CA
certificate.
Two things to be aware of: hand-made certificates offer exactly the same
levels of confidentiality and integrity protection as commercial CA
certificates; if buying certificates from a commercial CA, there is no
practical need to pay extra for any "extra-strong SSL certificates".
--
Svyatoslav Pidgorny, MVP - Security, MCSE
-= F1 is the key =-

"Mark Gamache" <mark.gamache@css-security.com.nospam> wrote in message
news:uRv8e1TGFHA.936@TK2MSFTNGP12.phx.gbl...
> Are you looking to get strong authentication of the clients or just protect
> the data flow? SSL does require certificates, but this doesn't mean you
> need to run a certificate authority. You can buy the certificates from
> someone like Geotrust. The certs can be used to protect the data session,
> authenticate the server to the user and to authenticate the user to the
> server.
>
> Depending on what you are looking to do, you may only need two certs. If
> you are just protecting the session and not even interested in letting the
> clients verify the authenticity of the server, you can use MS tools or
> OpenSSL to create self-signed certs. If you want to authenticate the server
> to the clients, you will want certs that are chained (signed by) to a
> trusted root CA. If you want the server to validate the users by
> certificates then each client needs a certificate. Many sites use SSL to
> authenticate the server and then protect the user's authentication method
> (i.e. Forms). If you do use client certs, an MS CA is a great way to go.
>
> Cheers,
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
> "Frank Pinto" <Frank Pinto@discussions.microsoft.com> wrote in message
> news:3D20D5A9-1E38-4A79-AAFE-15D1B93615DE@microsoft.com...
> > I would like to use SSL to secure an extranet website. Do I need to run
> > Certificate Services? I want to secure a couple websites actually. A
> > client site and an employee site.
> >
> > Can anyone shed light on this?
> >
> > Thanks,
> > Frank Pinto
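Added example, not part of the original posts: the CA-trust point from this thread shown with the OpenSSL command line. It builds a private CA, issues a server certificate from it, and checks that certificate as a client that trusts the CA and as one that does not. The subject names, file names and 2048-bit RSA keys are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example. All names below are constructed for illustration.
set -u
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a private ("hand-made") root CA: a self-signed certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a server certificate signed by that CA.
# (No subjectAltName is set; a certificate for real browsers needs one.)
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=extranet.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/srv.csr" -days 30 -sha256 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/srv.crt" 2>/dev/null
}

# Client that has imported the private CA into its trust store.
verify_trusting_client() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/srv.crt" >/dev/null 2>&1
}

# Client with only the system default trust store (private CA absent).
verify_default_client() {
  openssl verify "$WORK/srv.crt" >/dev/null 2>&1
}

# Key size of the server certificate: set by the key, not by who signed it.
key_bits() {
  openssl x509 -in "$WORK/srv.crt" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

make_ca && issue_server_cert
verify_trusting_client && echo "client trusting the private CA: chain verifies"
verify_default_client || echo "client without the CA: verification fails"
echo "server key size: $(key_bits) bits"
```

The failing case is what a browser turns into its warning dialog; distributing `ca.crt` to managed clients removes it, which is not possible for an uncontrolled client population.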