Re: Certificate Authority

[Guest linnext]

Re: Certificate Authority

 

thx

 

"wli2k2" wrote:

> Thanks Mike, your reply is very detail, informative and useful.

>

> I also have another question. I did a chat with VeriSign and what I got out

> of them was that I can use their SSL certificates to secure our email system.

> (We are using Exhange 2000 with Outlook 2000/2003 clients.) They say we can

> use the SSL certs to secure the emails we sent internally. But to secure

> emails we sent to the outside world, we would need digital ids.

>

> Based on your knowledge, is this correct?

>

> thanks again.

>

> "Miha Pihler [MVP]" wrote:

>

> > Yes, you will be able to issue out SSL and other certificates. The

> > difference is that any users that do not trust your CA server (no one will

> > by default) visiting your SSL protected site will get a warning that looks

> > like this http://freeweb.siol.net/mpihler/trusted.jpg. Reason as mentioned

> > is that they do not trust CA server (your CA server) that issued the

> > certificate for the site. That is the difference between VeriSign (and other

> > trusted CA servers) and CA server that you set up for yourself.

> >

> > I usually tell my customers that it is OK for them to use their own CA to

> > issue SSL certificates for sites that will only be used by their own

> > employees (e.g. internally). It is pretty easy to make domain joint

> > computers trust your own CA and its issued certificates. This way you can

> > e.g. protect access to web based e-mail access, intranets etc.

> > For sites that will be used by e.g. their customers I recommend using

> > VeriSign (or other trusted agencies) since this would make solution more

> > professional towards the customers.

> >

> > To see which certificates your computer and browser will trust open Internet

> > Explorer, click on Tools -> Internet Options -> click on Content tab and

> > Certificates button -> now click on Trusted Root Certificate Authorities.

> >

> > --

> > Mike

> > Microsoft MVP - Windows Security

> >

> >

> > "wli2k2" <wli2k2@discussions.microsoft.com> wrote in message

> > news:07788D59-FAA5-4B1E-ACF1-E5C474E445FD@microsoft.com...

> > > If I setup my own CA server (with Windows 2000/2003), I can issue out SSL

> > > certificates, right?

> > >

> > > I mean, is it the same as buying SSL certificates (for VeriSign, etc.)

> > > besides that I issued it myself?

> > >

> > > thanks.

> >

> >

> >