Solved

CA certificate

Posted on 2011-02-24
13
764 Views
Last Modified: 2012-06-27
Anyone know the price range for a CA certificate?  I think these are also called Intermediate certs.

thanks.

0
Comment
Question by:NYGiantsFan
  • 6
  • 5
  • 2
13 Comments
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973246
You can find all the info at www.ssl247.com.
The rapid ssl is a good certificate to get you going, also for production. Mind you it is only 128 bits.
For prooven security, you need 256 bits.
0
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973309
So, starts with a free trail, 30 days and one year for 44 dlr.
If you change the server very often, you could upgrade to pro for unlimited reissues.
You can also get 256 bit certificates from RapidSSL, but i don't think the free one is.

rgds
0
 
LVL 77

Expert Comment

by:arnold
ID: 34973446
Does you want to be a public CA or is it for internal use?
For internal use, you can setup your own CA Using openssl or as a service from within windows.
0
 

Author Comment

by:NYGiantsFan
ID: 34974163
It is for internal use, however higher up does not want to install OpenSSL, Microsoft CA, or any certificate authorities.  They would prefer to use a service like verisign.

They want an intermediate CA certificate.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34974984
To be an intermediary authority you have to setup and configure a CA that will generate a request and be signed by the public entity i.e. verisign.

You can not avoid the setup/configuration of a CA (wheher it is the internal root CA or it is an intermediate/subordinated CA)

0
 

Author Comment

by:NYGiantsFan
ID: 34979022


Why cannot I just by a CA intermediate cert?

Thanks.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34980536
The intermdiate certficate is just that a means by which your Identity is confirmed and authorizes you to sign certificates of your own.
I.e. You can an inermediate certificate from Verisign.
The path of which is
verisign

When you issue a certificate using  a CA where the intermediate certificate is loaded for user, when checking their certificate to confirm their identity the path of the certificate will be
Verisign (as the Ca)
Yourserver (intermediate CA)
User

It is not clear What it is you want to achieve.

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Does your organization wish to be in a position to issue certificates without the need to pay for individual certificates for the web site, personal id, email encryption, etc.?
0
 
LVL 77

Expert Comment

by:arnold
ID: 34980594
0
 

Author Comment

by:NYGiantsFan
ID: 34981261
I just spoke with Entrust, and they told me they don't sell CA Intermediate Certificates.  Which makes sense, because then I could sell certificates.

0
 

Author Comment

by:NYGiantsFan
ID: 34981406
Basically what we are trying to do is set up an SSL Proxy.  The SSL proxy needs a CA Intermediate certificate.  Normally, you could do this, then push out the client certs  to everyone in your network.  We are lazy, and don't want to push out certificates.  Some of the engineers thoughts that you could purchase a SSL CA intermediate certificate to accomplish this.

I don't think you can.

0
 
LVL 77

Expert Comment

by:arnold
ID: 34982665
An SSL proxy needs to be trusted, but any access to a secure site will generate a man in the middle error since the certificate that your proxy will present will not match the site to which the browser is going.

AD GPO can automate the autoenroll process of computers/users for issuance of certificates.
0
 

Author Comment

by:NYGiantsFan
ID: 34996780
Hmmm. I wonder what fields a CA certificate has that a regular Cert doesn't have.


I am guessing a Regular cert has a signature, and a CN.

A CA certificate must have a signature and not a CN.

Sound correct?
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 34998786
They have the same parameters, except that a CA certificate is recognized and can be used to sign other requests.
i.e. the differnece between a notorized paper and a notorized paper authorizing a person to be a public notory.  Similar paper with a similar notory signature.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MITM attack on Android phones 8 107
Do we need servers??? 5 188
Saving BitLocker key to AD DS 7 47
Enable File and Printer Sharing on all servers - is it a vulnerability? 6 81
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now