Re: Global Repository for Externally Generated Certificates

• Previous message: Anette Andresen: "serialNumber in the subject field of a CA certificate"
• In reply to: Rick A. Butler: "Global Repository for Externally Generated Certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Jul 2004 05:39:46 -0400

In article <#yR6EAFcEHA.1656@TK2MSFTNGP09.phx.gbl>, in the
microsoft.public.windows.server.security news group, Rick A. Butler
<orion2634@yahoo.com> says...

> Has anyone here ever had to deal with a massive number of certificates from
> an external CA, and what's the best practice for management, short of using
> Excel to manage them all? Is there a way to import them into sort of a
> global store that's accessible by all and that will allow me to also do
> revokations?
>

There really isn't anything that is going to do what you want off the
shelf. In any case, even if you do find some kind of database to store
all of your certificate information, you will not be able to revoke
certificates. That task can only be done by those who manage the CA.
You'll need to work with the external authority as each of those
eligible for this program will have different methods for you to inform
them that a certificate needs to be revoked.

BTW - I certainly would not consider 200 certificates to be a "massive
number of certificates".

Before deciding to go with Verisign, have you done due diligence and
checked out the other approved authorities? You may find that another
vendor, such as DST, has better management tools.

This is really a question you should be asking the external authorities.

-- 
Paul Adare
This posting is provided "AS IS" with no warranties, and confers no
rights.

• Previous message: Anette Andresen: "serialNumber in the subject field of a CA certificate"
• In reply to: Rick A. Butler: "Global Repository for Externally Generated Certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]