Solved

Create My Own Certificates

Posted on 2006-10-23
13
189 Views
Last Modified: 2010-04-11

Is i possible to create my own certificates.  Basically I want to allow about 30 different clients to sign a form in an application so I can then verify that that THEY signed the form.  I know I can buy certificates from a CA but it could work out expensive.  Also when the form is signed does the time and date of when it was signed go with the signature.


0
Comment
Question by:Kevin Robinson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
13 Comments
 
LVL 8

Expert Comment

by:jako
ID: 17789135
It is possible and sometimes also absolutely feasible. You might want to check out one CA that is somewhat different: http://www.cacert.org - certificates are free ;)
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789488
I have created a certifcate but it says

"Your certificate, this is only useful for people using smart cards."

What does this mean.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789570
Please do enlighten us, what kind of software you are using and regarding the smartcards, I highly doubt that. [x509] certificates are usually just containers of private and public keys + some metadata. It's up to it's user how to handle those. Even with certs stuck in smartcards, if it's possible to read the card, it's possible to use those certs almost everywhere.
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 8

Expert Comment

by:jako
ID: 17789587
and to educate yourself on the subject, do read on the X509 from the wikipedia that has it nicely covered: http://en.wikipedia.org/wiki/X.509
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789595
Im not using smart cards.  Im going to be using the cert with a windows application which will create the signature.

Have you used that site yourself?  I'm very new to all this
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789647
1.  Set up your own CA Server that will issue you your certificates.  Send the requests to this server.  Respond to the request sending back your certificate well to yourself
2.  You selfssl.exe from IIS 6.0 resource kit to create your own SSL.
0
 
LVL 8

Expert Comment

by:jako
ID: 17789674
yes, I've use the CAcert.org and I am a CAcert (and also Thawte WoT) notary. And not using the smartcards is OK. These are only good as a storage medium and little more. The security provided by tokenizing the smartcards is only as good as the gullible person who allows his/her card to be copied. Now when the hw token and cert passphrase are combined, it might raise the security level a little, though. but all this is offtopic already.

Since you are new to this, I suggest you get some help. Someone to stand by and give over-the-shoulder consultation, because if you intend to get this scheme up and running in 2006 and do it all right, it might take some time and some failed tries.
0
 
LVL 3

Author Comment

by:Kevin Robinson
ID: 17789735
crawfordits. "Set up your own CA Server".  How do I do this?  Does it install on windows server 2003?

jakopriit :  Yes I understand your concern but the clients have signed up to a grants programme so have already been verified, so to speak (signed contracts etc).  

Really I need to use the certificate to subsitute their physical signature.  Becoming our own governing CA I think would be aceptable in our situation.
0
 
LVL 9

Expert Comment

by:crawfordits
ID: 17789827
Should install on 03.  Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807819
That is exactly it!
Start->Control Panel->Add/Remove Programs->Add/Remove Windows Components->Install Certificate Services.

Then navigate to the following

http://%ServerName%/certsrv/

and there you go you have your certificates. If this is a domain the server will automatically become a root authority if not make sure you download the whole chain an install the server as a root authority on the client machine you will be using this certificate with.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18042275
PAQed with no points refunded (of 500)

Computer101
EE Admin
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Here's a look at newsworthy articles and community happenings during the last month.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question