Jesse Huestis on Tue, 28 Jan 2003 14:11:18 -0500



Re: [PLUG] SSL Cert question


Jason:

Certificates are based on keys, as you know.

Verisign maintains several classes of "root" keys which are used in building private and public keys.

1) They sell you keys for a site, which you can use to generate Verisign-certified keys under your sub root key (very expensive and highly discouraged by Verisign; they lose some control)

2) You purchase as many individually registered keys as you need on an annual basis and they are used to identify you.

The way to understand it is that, if you generate your own key set using OpenSSL and have people using an SSL connection, they will be prompted to trust you as who you are and also to trust you as the certificate source. If you use a Verisign certificate, then you are identified as Verisign-authenticated and a trusted source.



Jason Wertz wrote:

To meet government requirements we need to upload a file to a gov't
server using cURL. That isn't the problem. The problem is they want us
to use an SSL (specifically Verisign) certificate as the means of access
control. I'm not that well versed in crypto but the way I understand it the
certificate is being used like an SSL key for authentication since you
have to identify the certificate location to cURL as well as the cert
password. The government will then accept Verisign's word that you are
who you are. If I'm way off on understanding this feel free to yell.

My question is, how do you get a certificate for a machine that doesn't
have a web server on it? I've only ever generated a CSR using web server
based tools and in this instance I want a cert for a non-web serving
machine...actually a desktop client. The government specifically stated
a Verisign Class 1 digital certificate (which I'm assuming is a server
cert and not a web browser client cert).


Thanks in advance.

Oh yeah...I typed this message in a text editor at < 80 columns and
pasted it into GroupWise. I hope that works, our email admin won't make
the formatting change for 1 user. His response...nobody uses a text
based email client :-)

Jason Wertz
Senior Technology Specialist / WebMaster
Delaware County Community College
ph: 610-325-2771
fax: 610-325-2820
http://learn.dccc.edu/~jason





_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
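
As an added illustration of the self-signed versus CA-signed distinction discussed in this thread (not code from either poster): a shell sketch that creates a key and CSR with OpenSSL alone, with no web server involved, then shows a verifier that trusts only a CA accepting the CA-signed certificate and rejecting the self-signed one. The CA is a constructed local stand-in for a commercial CA, and every subject name, file name and host is made up.

```shell
#!/usr/bin/env bash
# Constructed demo: the CA, subjects and file names are invented for illustration.
set -eu

# Key pair + CSR on any machine (desktop included); only the CSR goes to the CA.
make_csr() {  # $1 = working directory
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/client.key" -out "$1/client.csr" \
    -subj "/CN=upload-client.example/O=Example College" 2>/dev/null
}

# Stand-in for the commercial CA: a local root the verifier chooses to trust.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.pem" \
    -subj "/CN=Constructed Demo CA" 2>/dev/null
}

# What the CA does with the CSR: issue a certificate signed by its own key.
sign_csr() {
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/client.pem" 2>/dev/null
}

# The "generate your own key set" case: the same CSR signed by its own key.
self_sign() {
  openssl x509 -req -in "$1/client.csr" -signkey "$1/client.key" \
    -days 30 -out "$1/selfsigned.pem" 2>/dev/null
}

# The relying party's view: it trusts only the CA, not individual clients.
trusted() {  # $1 = working directory, $2 = certificate to check
  openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1
}

d=$(mktemp -d)
make_csr "$d"; make_ca "$d"; sign_csr "$d"; self_sign "$d"
for c in client.pem selfsigned.pem; do
  if trusted "$d" "$d/$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done

# The issued certificate and its key are what cURL is pointed at
# (placeholder host and file, not a real endpoint):
#   curl --cert "$d/client.pem" --key "$d/client.key" -T FILE https://UPLOAD-HOST.example/
```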




