scotto2003
asked on
Windows Certificate Server question - SSL - Website
Can i create my own SSL certificate for our website with Win2k3 certificate services?
Website is on win2k server....using a Verisign certificate now...
Website is on win2k server....using a Verisign certificate now...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Go into IIS and create the request, then go to the Win03 CertServ website (local), and submit the request, you'll get a reply and install the cert.
ASKER
Also, this will be for our Client Website (external), the site gives them (hospitals) status updates and notes from the accounts we work for them... Do you guys know if HIPAA requires an outside certificate authority...?
Very good point. I am not a lawyer, and am not terribly familiar with HIPPA, so I would have your company speak with a licensed attorney before you get too far, but I did find the following:
I found this on the HIPPA website:
Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor's office should comply with that request if it can be reasonably accommodated.
So at a minimum you would need to take "reasonable steps".
As far as SSL providers, 128bit is 128bit, but the patient might feel better seeing the Verisign logo on the site.
However, like I said I'm not a lawyer, I'd get their advice.
I found this on the HIPPA website:
Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor's office should comply with that request if it can be reasonably accommodated.
So at a minimum you would need to take "reasonable steps".
As far as SSL providers, 128bit is 128bit, but the patient might feel better seeing the Verisign logo on the site.
However, like I said I'm not a lawyer, I'd get their advice.