Solved

Create My Own Certificates

Posted on 2006-10-23
13
185 Views
Last Modified: 2010-04-11

Is i possible to create my own certificates.  Basically I want to allow about 30 different clients to sign a form in an application so I can then verify that that THEY signed the form.  I know I can buy certificates from a CA but it could work out expensive.  Also when the form is signed does the time and date of when it was signed go with the signature.


0
Comment
Question by:Kevin Robinson
  • 4
  • 3
  • 2
  • +2
13 Comments
 
LVL 8

Expert Comment

by:jako
ID: 17789135
It is possible and sometimes also absolutely feasible. You might want to check out one CA that is somewhat different: http://www.cacert.org - certificates are free ;)
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789488
I have created a certifcate but it says

"Your certificate, this is only useful for people using smart cards."

What does this mean.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789570
Please do enlighten us, what kind of software you are using and regarding the smartcards, I highly doubt that. [x509] certificates are usually just containers of private and public keys + some metadata. It's up to it's user how to handle those. Even with certs stuck in smartcards, if it's possible to read the card, it's possible to use those certs almost everywhere.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789587
and to educate yourself on the subject, do read on the X509 from the wikipedia that has it nicely covered: http://en.wikipedia.org/wiki/X.509
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789595
Im not using smart cards.  Im going to be using the cert with a windows application which will create the signature.

Have you used that site yourself?  I'm very new to all this
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 9

Expert Comment

by:crawfordits
ID: 17789647
1.  Set up your own CA Server that will issue you your certificates.  Send the requests to this server.  Respond to the request sending back your certificate well to yourself
2.  You selfssl.exe from IIS 6.0 resource kit to create your own SSL.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789674
yes, I've use the CAcert.org and I am a CAcert (and also Thawte WoT) notary. And not using the smartcards is OK. These are only good as a storage medium and little more. The security provided by tokenizing the smartcards is only as good as the gullible person who allows his/her card to be copied. Now when the hw token and cert passphrase are combined, it might raise the security level a little, though. but all this is offtopic already.

Since you are new to this, I suggest you get some help. Someone to stand by and give over-the-shoulder consultation, because if you intend to get this scheme up and running in 2006 and do it all right, it might take some time and some failed tries.
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789735
crawfordits. "Set up your own CA Server".  How do I do this?  Does it install on windows server 2003?

jakopriit :  Yes I understand your concern but the clients have signed up to a grants programme so have already been verified, so to speak (signed contracts etc).  

Really I need to use the certificate to subsitute their physical signature.  Becoming our own governing CA I think would be aceptable in our situation.
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789827
Should install on 03.  Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807819
That is exactly it!
Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Then navigate to the following

http://%ServerName%/certsrv/

and there you go you have your certificates. If this is a domain the server will automatically become a root authority if not make sure you download the whole chain an install the server as a root authority on the client machine you will be using this certificate with.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042275
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
print logs windows 7 3 71
Google G Suite Email Redirection to exchange server 4 58
What type of security does Gmail for business have? 1 57
Sonicwall blocks a site 49 52
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now