Create My Own Certificates

Kevin Robinson
Last Modified: 2010-04-11

Is it possible to create my own certificates?  Basically I want to allow about 30 different clients to sign a form in an application so I can then verify that THEY signed the form.  I know I can buy certificates from a CA but it could work out expensive.  Also, when the form is signed, does the time and date of when it was signed go with the signature?



jakosysadmin

Commented:
It is possible and sometimes also absolutely feasible. You might want to check out one CA that is somewhat different: http://www.cacert.org - certificates are free ;)
Kevin Robinson, Private VB.NET Contractor

Author

Commented:
I have created a certificate but it says

"Your certificate, this is only useful for people using smart cards."

What does this mean?
jakosysadmin

Commented:
Please do enlighten us: what kind of software are you using? And regarding the smartcards, I highly doubt that. [x509] certificates are usually just containers of private and public keys + some metadata. It's up to its user how to handle those. Even with certs stuck in smartcards, if it's possible to read the card, it's possible to use those certs almost everywhere.
jakosysadmin

Commented:
And to educate yourself on the subject, do read up on X.509 on Wikipedia, which has it nicely covered: http://en.wikipedia.org/wiki/X.509
Kevin Robinson, Private VB.NET Contractor

Author

Commented:
I'm not using smart cards.  I'm going to be using the cert with a Windows application which will create the signature.

Have you used that site yourself?  I'm very new to all this.

1.  Set up your own CA Server that will issue you your certificates.  Send the requests to this server.  Respond to the request, sending back your certificate, well, to yourself.
2.  Use selfssl.exe from the IIS 6.0 resource kit to create your own SSL.
jakosysadmin

Commented:
Yes, I've used CAcert.org and I am a CAcert (and also Thawte WoT) notary. And not using the smartcards is OK. These are only good as a storage medium and little more. The security provided by tokenizing the smartcards is only as good as the gullible person who allows his/her card to be copied. Now when the hw token and cert passphrase are combined, it might raise the security level a little, though. But all this is off-topic already.

Since you are new to this, I suggest you get some help. Someone to stand by and give over-the-shoulder consultation, because if you intend to get this scheme up and running in 2006 and do it all right, it might take some time and some failed tries.
Kevin Robinson, Private VB.NET Contractor

Author

Commented:
crawfordits: "Set up your own CA Server".  How do I do this?  Does it install on Windows Server 2003?

jakopriit: Yes, I understand your concern, but the clients have signed up to a grants programme so have already been verified, so to speak (signed contracts etc).

Really I need to use the certificate to substitute their physical signature.  Becoming our own governing CA I think would be acceptable in our situation.

Should install on 03.  Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Commented:
That is exactly it!
Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Then navigate to the following

http://%ServerName%/certsrv/

And there you go, you have your certificates. If this is a domain, the server will automatically become a root authority; if not, make sure you download the whole chain and install the server as a root authority on the client machine you will be using this certificate with.
PAQed with no points refunded (of 500)

Computer101
EE Admin
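
The scheme discussed in this thread (a private root CA, one certificate per client, a signed form checked against that root), as an added example that is not part of the original posts. It uses the OpenSSL command line instead of Windows Certificate Services, and every name in it (Example Grants Root CA, client01, form.txt, pki.cnf) is constructed; for brevity the client key is generated next to the CA key, whereas in practice each client creates its own key and submits only the request.

```shell
# Added example; all names (Example Grants Root CA, client01, form.txt) are constructed.
set -eu

make_ca() {  # $1 = working directory; writes pki.cnf, ca.key, ca.crt
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[signer]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation
EOF
  openssl req -x509 -config "$1/pki.cnf" -extensions root -newkey rsa:2048 \
    -nodes -days 3650 -subj "/CN=Example Grants Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
issue_client() {  # $1 = working directory, $2 = client name
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/pki.cnf" -extensions signer \
    -out "$1/$2.crt" 2>/dev/null
}
sign_form() {  # $1 = dir, $2 = client, $3 = form file; writes detached $3.p7s
  openssl cms -sign -binary -in "$3" -signer "$1/$2.crt" -inkey "$1/$2.key" \
    -outform DER -out "$3.p7s"
}
verify_form() {  # $1 = dir holding the trusted ca.crt, $2 = form file
  openssl cms -verify -binary -inform DER -in "$2.p7s" -content "$2" \
    -CAfile "$1/ca.crt" -signer "$1/seen.crt" -out /dev/null 2>/dev/null &&
    openssl x509 -in "$1/seen.crt" -noout -subject  # who signed
}
signing_time() {  # $1 = form file; prints the signingTime attribute (UTC)
  openssl asn1parse -inform DER -in "$1.p7s" |
    awk '/:signingTime/ {f=1} f && /UTCTIME/ {sub(/^:/,"",$NF); print $NF; f=0}'
}

d=$(mktemp -d)
make_ca "$d"; issue_client "$d" client01
printf 'Grant claim form, constructed sample\n' > "$d/form.txt"
sign_form "$d" client01 "$d/form.txt"
verify_form "$d" "$d/form.txt"
echo "claimed signing time: $(signing_time "$d/form.txt")"
echo 'altered' >> "$d/form.txt"
verify_form "$d" "$d/form.txt" || echo "altered form rejected"
```

The signingTime attribute is covered by the signature, but its value comes from the signer's own clock, so it records when the client says the form was signed. Proof of time from an independent party needs a timestamp from a timestamping authority (RFC 3161) in addition.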
