Re: a refresher

From: Steven L Umbach (sumbach@ameritech.net)
Date: 04/07/03

• Next message: Jason Gallas: "switching between sam and kerberos"
• Previous message: Arlis Brown: "Re: Enterprise Root CA Install"
• In reply to: baffled: "a refresher"
• Next in thread: Jeff Cochran: "Re: a refresher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Steven L Umbach" <sumbach@ameritech.net>
Date: Mon, 07 Apr 2003 20:02:12 GMT

     I am not sure I understand your question, but you can make your web
pages available to whoever you want to by controlling the authentication
methods and using ntfs permissions.If you are talking about web enrollment,
you again control who can apply for certificates using authentication and
possibly firewall. A private CA is pretty useless on the internet since it
will not be in the trusted root certificate authority store of other
computers like Verisign, etc. SSL is very secure because it sends only the
public key unencrypted to start the SSL process. The client uses the public
key to create a hash challenge that it sends to the SSL server along with
proposed session keys. Only the computer with the private key can decrypt
the hash and then send back another encrypted hash as a response using the
session keys agreed upon by the client computer to start the session. There
is a lot more to it then that, but I think that is the basics. --- Steve

"baffled" <timvieweg101@tiscali.co.uk> wrote in message
news:OKs9QPT$CHA.2520@TK2MSFTNGP11.phx.gbl...
> hi, this is to recap on an earlier question posted. If you run a
> stand-alone(root) with a microsoft cert/your company) CA do you make the
ca
> web pages available on the internet as clients are not domain memebers.
If
> so, isn't this acting like a company like versign, not just a company
> wishing to secure client/server comms.
>
> Also isn't it insecure even if you used SSL, to be transmitting certs over
> the net.
>
> thanks.
>
> tj.
>
>

• Next message: Jason Gallas: "switching between sam and kerberos"
• Previous message: Arlis Brown: "Re: Enterprise Root CA Install"
• In reply to: baffled: "a refresher"
• Next in thread: Jeff Cochran: "Re: a refresher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: clients editing information w/o authentication--advice needed ... I completely concur that username/password authentication is the way to go. ... SSL, while the most secure, is not essential since there's no confidential ... I will "push back" with the client and tell them they'd be better off ... (comp.lang.php) Re: always dual entries in IIS Log with first being HTTP 401.2 error ... If I disable client authentication, ... >> well as SSL connection. ... (microsoft.public.inetserver.iis.security) SSL on OWA questions ... I have installed OWA on IIS4 server with SSL enabled on ... We are using basic authentication ... to OWA by client are encrypted by the SSL session? ... both side then why we need to install client ... (microsoft.public.inetserver.iis.security) SSL und client authentication ... Kann man mit outlook 6 / outlook express 6 per SSL mit client authentication ... Ich bin sehr dankbar fuer jede Hilfe bzw. ... (microsoft.public.de.german.inetexplorer.ie6.outlookexpress) SSL und client authentication ... Kann man mit outlook 6 / outlook express 6 per SSL mit client authentication ... Ich bin sehr dankbar fuer jede Hilfe bzw. ... (microsoft.public.de.outlook)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint