?
Solved

Create My Own Certificates

Posted on 2006-10-23
13
Medium Priority
?
190 Views
Last Modified: 2010-04-11

Is i possible to create my own certificates.  Basically I want to allow about 30 different clients to sign a form in an application so I can then verify that that THEY signed the form.  I know I can buy certificates from a CA but it could work out expensive.  Also when the form is signed does the time and date of when it was signed go with the signature.


0
Comment
Question by:Kevin Robinson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
13 Comments
 
LVL 8

Expert Comment

by:jako
ID: 17789135
It is possible and sometimes also absolutely feasible. You might want to check out one CA that is somewhat different: http://www.cacert.org - certificates are free ;)
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789488
I have created a certifcate but it says

"Your certificate, this is only useful for people using smart cards."

What does this mean.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789570
Please do enlighten us, what kind of software you are using and regarding the smartcards, I highly doubt that. [x509] certificates are usually just containers of private and public keys + some metadata. It's up to it's user how to handle those. Even with certs stuck in smartcards, if it's possible to read the card, it's possible to use those certs almost everywhere.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 8

Expert Comment

by:jako
ID: 17789587
and to educate yourself on the subject, do read on the X509 from the wikipedia that has it nicely covered: http://en.wikipedia.org/wiki/X.509
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789595
Im not using smart cards.  Im going to be using the cert with a windows application which will create the signature.

Have you used that site yourself?  I'm very new to all this
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789647
1.  Set up your own CA Server that will issue you your certificates.  Send the requests to this server.  Respond to the request sending back your certificate well to yourself
2.  You selfssl.exe from IIS 6.0 resource kit to create your own SSL.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789674
yes, I've use the CAcert.org and I am a CAcert (and also Thawte WoT) notary. And not using the smartcards is OK. These are only good as a storage medium and little more. The security provided by tokenizing the smartcards is only as good as the gullible person who allows his/her card to be copied. Now when the hw token and cert passphrase are combined, it might raise the security level a little, though. but all this is offtopic already.

Since you are new to this, I suggest you get some help. Someone to stand by and give over-the-shoulder consultation, because if you intend to get this scheme up and running in 2006 and do it all right, it might take some time and some failed tries.
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789735
crawfordits. "Set up your own CA Server".  How do I do this?  Does it install on windows server 2003?

jakopriit :  Yes I understand your concern but the clients have signed up to a grants programme so have already been verified, so to speak (signed contracts etc).  

Really I need to use the certificate to subsitute their physical signature.  Becoming our own governing CA I think would be aceptable in our situation.
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789827
Should install on 03.  Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807819
That is exactly it!
Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Then navigate to the following

http://%ServerName%/certsrv/

and there you go you have your certificates. If this is a domain the server will automatically become a root authority if not make sure you download the whole chain an install the server as a root authority on the client machine you will be using this certificate with.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042275
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses
Course of the Month10 days, left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question