L
linnext
Guest
Re: Certificate Authority
test post
"wli2k2" wrote:
> Thanks Mike, your reply is very detail, informative and useful.
>
> I also have another question. I did a chat with VeriSign and what I got out
> of them was that I can use their SSL certificates to secure our email system.
> (We are using Exhange 2000 with Outlook 2000/2003 clients.) They say we can
> use the SSL certs to secure the emails we sent internally. But to secure
> emails we sent to the outside world, we would need digital ids.
>
> Based on your knowledge, is this correct?
>
> thanks again.
>
> "Miha Pihler [MVP]" wrote:
>
> > Yes, you will be able to issue out SSL and other certificates. The
> > difference is that any users that do not trust your CA server (no one will
> > by default) visiting your SSL protected site will get a warning that looks
> > like this http://freeweb.siol.net/mpihler/trusted.jpg. Reason as mentioned
> > is that they do not trust CA server (your CA server) that issued the
> > certificate for the site. That is the difference between VeriSign (and other
> > trusted CA servers) and CA server that you set up for yourself.
> >
> > I usually tell my customers that it is OK for them to use their own CA to
> > issue SSL certificates for sites that will only be used by their own
> > employees (e.g. internally). It is pretty easy to make domain joint
> > computers trust your own CA and its issued certificates. This way you can
> > e.g. protect access to web based e-mail access, intranets etc.
> > For sites that will be used by e.g. their customers I recommend using
> > VeriSign (or other trusted agencies) since this would make solution more
> > professional towards the customers.
> >
> > To see which certificates your computer and browser will trust open Internet
> > Explorer, click on Tools -> Internet Options -> click on Content tab and
> > Certificates button -> now click on Trusted Root Certificate Authorities.
> >
> > --
> > Mike
> > Microsoft MVP - Windows Security
> >
> >
> > "wli2k2" <wli2k2@discussions.microsoft.com> wrote in message
> > news:07788D59-FAA5-4B1E-ACF1-E5C474E445FD@microsoft.com...
> > > If I setup my own CA server (with Windows 2000/2003), I can issue out SSL
> > > certificates, right?
> > >
> > > I mean, is it the same as buying SSL certificates (for VeriSign, etc.)
> > > besides that I issued it myself?
> > >
> > > thanks.
> >
> >
> >
test post
"wli2k2" wrote:
> Thanks Mike, your reply is very detail, informative and useful.
>
> I also have another question. I did a chat with VeriSign and what I got out
> of them was that I can use their SSL certificates to secure our email system.
> (We are using Exhange 2000 with Outlook 2000/2003 clients.) They say we can
> use the SSL certs to secure the emails we sent internally. But to secure
> emails we sent to the outside world, we would need digital ids.
>
> Based on your knowledge, is this correct?
>
> thanks again.
>
> "Miha Pihler [MVP]" wrote:
>
> > Yes, you will be able to issue out SSL and other certificates. The
> > difference is that any users that do not trust your CA server (no one will
> > by default) visiting your SSL protected site will get a warning that looks
> > like this http://freeweb.siol.net/mpihler/trusted.jpg. Reason as mentioned
> > is that they do not trust CA server (your CA server) that issued the
> > certificate for the site. That is the difference between VeriSign (and other
> > trusted CA servers) and CA server that you set up for yourself.
> >
> > I usually tell my customers that it is OK for them to use their own CA to
> > issue SSL certificates for sites that will only be used by their own
> > employees (e.g. internally). It is pretty easy to make domain joint
> > computers trust your own CA and its issued certificates. This way you can
> > e.g. protect access to web based e-mail access, intranets etc.
> > For sites that will be used by e.g. their customers I recommend using
> > VeriSign (or other trusted agencies) since this would make solution more
> > professional towards the customers.
> >
> > To see which certificates your computer and browser will trust open Internet
> > Explorer, click on Tools -> Internet Options -> click on Content tab and
> > Certificates button -> now click on Trusted Root Certificate Authorities.
> >
> > --
> > Mike
> > Microsoft MVP - Windows Security
> >
> >
> > "wli2k2" <wli2k2@discussions.microsoft.com> wrote in message
> > news:07788D59-FAA5-4B1E-ACF1-E5C474E445FD@microsoft.com...
> > > If I setup my own CA server (with Windows 2000/2003), I can issue out SSL
> > > certificates, right?
> > >
> > > I mean, is it the same as buying SSL certificates (for VeriSign, etc.)
> > > besides that I issued it myself?
> > >
> > > thanks.
> >
> >
> >