Guest linnext Posted June 23, 2008 Posted June 23, 2008 Re: Certificate Authority thanks "wli2k2" wrote: > Thanks Mike, your reply is very detail, informative and useful. > > I also have another question. I did a chat with VeriSign and what I got out > of them was that I can use their SSL certificates to secure our email system. > (We are using Exhange 2000 with Outlook 2000/2003 clients.) They say we can > use the SSL certs to secure the emails we sent internally. But to secure > emails we sent to the outside world, we would need digital ids. > > Based on your knowledge, is this correct? > > thanks again. > > "Miha Pihler [MVP]" wrote: > > > Yes, you will be able to issue out SSL and other certificates. The > > difference is that any users that do not trust your CA server (no one will > > by default) visiting your SSL protected site will get a warning that looks > > like this http://freeweb.siol.net/mpihler/trusted.jpg. Reason as mentioned > > is that they do not trust CA server (your CA server) that issued the > > certificate for the site. That is the difference between VeriSign (and other > > trusted CA servers) and CA server that you set up for yourself. > > > > I usually tell my customers that it is OK for them to use their own CA to > > issue SSL certificates for sites that will only be used by their own > > employees (e.g. internally). It is pretty easy to make domain joint > > computers trust your own CA and its issued certificates. This way you can > > e.g. protect access to web based e-mail access, intranets etc. > > For sites that will be used by e.g. their customers I recommend using > > VeriSign (or other trusted agencies) since this would make solution more > > professional towards the customers. > > > > To see which certificates your computer and browser will trust open Internet > > Explorer, click on Tools -> Internet Options -> click on Content tab and > > Certificates button -> now click on Trusted Root Certificate Authorities. > > > > -- > > Mike > > Microsoft MVP - Windows Security > > > > > > "wli2k2" <wli2k2@discussions.microsoft.com> wrote in message > > news:07788D59-FAA5-4B1E-ACF1-E5C474E445FD@microsoft.com... > > > If I setup my own CA server (with Windows 2000/2003), I can issue out SSL > > > certificates, right? > > > > > > I mean, is it the same as buying SSL certificates (for VeriSign, etc.) > > > besides that I issued it myself? > > > > > > thanks. > > > > > >
Recommended Posts