Solved

Create My Own Certificates

Posted on 2006-10-23
13
184 Views
Last Modified: 2010-04-11

Is i possible to create my own certificates.  Basically I want to allow about 30 different clients to sign a form in an application so I can then verify that that THEY signed the form.  I know I can buy certificates from a CA but it could work out expensive.  Also when the form is signed does the time and date of when it was signed go with the signature.


0
Comment
Question by:Kevin Robinson
  • 4
  • 3
  • 2
  • +2
13 Comments
 
LVL 8

Expert Comment

by:jako
ID: 17789135
It is possible and sometimes also absolutely feasible. You might want to check out one CA that is somewhat different: http://www.cacert.org - certificates are free ;)
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789488
I have created a certifcate but it says

"Your certificate, this is only useful for people using smart cards."

What does this mean.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789570
Please do enlighten us, what kind of software you are using and regarding the smartcards, I highly doubt that. [x509] certificates are usually just containers of private and public keys + some metadata. It's up to it's user how to handle those. Even with certs stuck in smartcards, if it's possible to read the card, it's possible to use those certs almost everywhere.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789587
and to educate yourself on the subject, do read on the X509 from the wikipedia that has it nicely covered: http://en.wikipedia.org/wiki/X.509
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789595
Im not using smart cards.  Im going to be using the cert with a windows application which will create the signature.

Have you used that site yourself?  I'm very new to all this
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 9

Expert Comment

by:crawfordits
ID: 17789647
1.  Set up your own CA Server that will issue you your certificates.  Send the requests to this server.  Respond to the request sending back your certificate well to yourself
2.  You selfssl.exe from IIS 6.0 resource kit to create your own SSL.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789674
yes, I've use the CAcert.org and I am a CAcert (and also Thawte WoT) notary. And not using the smartcards is OK. These are only good as a storage medium and little more. The security provided by tokenizing the smartcards is only as good as the gullible person who allows his/her card to be copied. Now when the hw token and cert passphrase are combined, it might raise the security level a little, though. but all this is offtopic already.

Since you are new to this, I suggest you get some help. Someone to stand by and give over-the-shoulder consultation, because if you intend to get this scheme up and running in 2006 and do it all right, it might take some time and some failed tries.
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789735
crawfordits. "Set up your own CA Server".  How do I do this?  Does it install on windows server 2003?

jakopriit :  Yes I understand your concern but the clients have signed up to a grants programme so have already been verified, so to speak (signed contracts etc).  

Really I need to use the certificate to subsitute their physical signature.  Becoming our own governing CA I think would be aceptable in our situation.
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789827
Should install on 03.  Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807819
That is exactly it!
Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Then navigate to the following

http://%ServerName%/certsrv/

and there you go you have your certificates. If this is a domain the server will automatically become a root authority if not make sure you download the whole chain an install the server as a root authority on the client machine you will be using this certificate with.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042275
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now