Re: Global Repository for Externally Generated Certificates

From: Miha Pihler (miha-news_at_atlantis.si)
Date: 07/23/04


Date: Fri, 23 Jul 2004 08:13:28 +0200

Hi,

Since you are not the one issuing certificates, you won't be able to revoke
them. If you order them from Verisign, they are the only one that can revoke
them.

What you can do is import the _public_ key into AD under the User's properties
(Published Certificates). With this done, users will have fewer problems
sending encrypted e-mails, since they will be able to find the other person's
public key in AD (Outlook will perform an LDAP query against AD)...

I hope this helps,

Mike

"Rick A. Butler" <orion2634@yahoo.com> wrote in message
news:%23yR6EAFcEHA.1656@TK2MSFTNGP09.phx.gbl...
> Hello Group!
>
> As part of the Department of Defense's IECA program for communications to
> DoD personnel, the DoD is moving to Certificate driven communications. As
> part of IECA, people needing to communicate with DoD will have to provision
> a Certificate from a Trusted Root Authority, such as Verisign. Currently,
> the program is not enrolling Server Certificates, so deploying an Enterprise
> CA isn't going to work for me.
>
> We're ordering about 200 certificates from Verisign so that we can digitally
> secure traffic for communication to DoD.
>
> Has anyone here ever had to deal with a massive number of certificates from
> an external CA, and what's the best practice for management, short of using
> Excel to manage them all? Is there a way to import them into sort of a
> global store that's accessible by all and that will allow me to also do
> revocations?
>
> My network is a Windows 2000 Native Active Directory, with MS Exchange 2000
> as my principal messaging platform.
>
> Thanks in Advance -
>
> Rick Butler
>
>
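
The bulk version of the publishing step described in the reply, as an added example that is not part of the original thread: it turns (user DN, PEM certificate) pairs into LDIF modify records for import with `ldifde`. It assumes the "Published Certificates" tab maps to the `userCertificate` attribute and that DNs are plain ASCII; the DN and certificate bytes below are constructed placeholders.

```python
import base64
import ssl

def _fold(line, width=76):
    """Fold a long LDIF line; continuation lines start with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def ldif_record(user_dn, pem_cert, op="add"):
    """Build one LDIF modify record for the userCertificate attribute.

    op="add" publishes the certificate; op="delete" unpublishes that exact
    value. Unpublishing only removes it from directory lookups: revocation
    still has to be requested from the issuing CA.
    """
    if op not in ("add", "delete"):
        raise ValueError("op must be 'add' or 'delete'")
    der = ssl.PEM_cert_to_DER_cert(pem_cert.strip())  # ValueError on bad PEM armor
    if der[:1] != b"\x30":  # DER certificates start with an ASN.1 SEQUENCE tag
        raise ValueError("not a DER-encoded certificate")
    value = base64.b64encode(der).decode("ascii")
    return "\n".join([
        "dn: " + user_dn,
        "changetype: modify",
        op + ": userCertificate",
        _fold("userCertificate:: " + value),  # '::' marks a base64 value
        "-",
        "",
    ])

def build_ldif(assignments):
    """assignments: iterable of (user_dn, pem_cert) pairs, one record each."""
    return "\n".join(ldif_record(dn, pem) for dn, pem in assignments)

# Constructed placeholder: DER-shaped bytes, not a real certificate, so the
# example runs offline. Substitute the PEM files delivered by the external CA.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_DN = "CN=Jane Doe,OU=Staff,DC=example,DC=com"  # hypothetical user

if __name__ == "__main__":
    print(build_ldif([(SAMPLE_DN, SAMPLE_PEM)]))
```

The resulting file can be imported with `ldifde -i -f <file>` by an account that has write access to the user objects.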


