Solved

CA certificate

Posted on 2011-02-24
13
754 Views
Last Modified: 2012-06-27
Anyone know the price range for a CA certificate?  I think these are also called Intermediate certs.

thanks.

0
Comment
Question by:NYGiantsFan
  • 6
  • 5
  • 2
13 Comments
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973246
You can find all the info at www.ssl247.com.
The rapid ssl is a good certificate to get you going, also for production. Mind you it is only 128 bits.
For prooven security, you need 256 bits.
0
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973309
So, starts with a free trail, 30 days and one year for 44 dlr.
If you change the server very often, you could upgrade to pro for unlimited reissues.
You can also get 256 bit certificates from RapidSSL, but i don't think the free one is.

rgds
0
 
LVL 76

Expert Comment

by:arnold
ID: 34973446
Does you want to be a public CA or is it for internal use?
For internal use, you can setup your own CA Using openssl or as a service from within windows.
0
 

Author Comment

by:NYGiantsFan
ID: 34974163
It is for internal use, however higher up does not want to install OpenSSL, Microsoft CA, or any certificate authorities.  They would prefer to use a service like verisign.

They want an intermediate CA certificate.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34974984
To be an intermediary authority you have to setup and configure a CA that will generate a request and be signed by the public entity i.e. verisign.

You can not avoid the setup/configuration of a CA (wheher it is the internal root CA or it is an intermediate/subordinated CA)

0
 

Author Comment

by:NYGiantsFan
ID: 34979022


Why cannot I just by a CA intermediate cert?

Thanks.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34980536
The intermdiate certficate is just that a means by which your Identity is confirmed and authorizes you to sign certificates of your own.
I.e. You can an inermediate certificate from Verisign.
The path of which is
verisign

When you issue a certificate using  a CA where the intermediate certificate is loaded for user, when checking their certificate to confirm their identity the path of the certificate will be
Verisign (as the Ca)
Yourserver (intermediate CA)
User

It is not clear What it is you want to achieve.

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Does your organization wish to be in a position to issue certificates without the need to pay for individual certificates for the web site, personal id, email encryption, etc.?
0
 
LVL 76

Expert Comment

by:arnold
ID: 34980594
0
 

Author Comment

by:NYGiantsFan
ID: 34981261
I just spoke with Entrust, and they told me they don't sell CA Intermediate Certificates.  Which makes sense, because then I could sell certificates.

0
 

Author Comment

by:NYGiantsFan
ID: 34981406
Basically what we are trying to do is set up an SSL Proxy.  The SSL proxy needs a CA Intermediate certificate.  Normally, you could do this, then push out the client certs  to everyone in your network.  We are lazy, and don't want to push out certificates.  Some of the engineers thoughts that you could purchase a SSL CA intermediate certificate to accomplish this.

I don't think you can.

0
 
LVL 76

Expert Comment

by:arnold
ID: 34982665
An SSL proxy needs to be trusted, but any access to a secure site will generate a man in the middle error since the certificate that your proxy will present will not match the site to which the browser is going.

AD GPO can automate the autoenroll process of computers/users for issuance of certificates.
0
 

Author Comment

by:NYGiantsFan
ID: 34996780
Hmmm. I wonder what fields a CA certificate has that a regular Cert doesn't have.


I am guessing a Regular cert has a signature, and a CN.

A CA certificate must have a signature and not a CN.

Sound correct?
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 34998786
They have the same parameters, except that a CA certificate is recognized and can be used to sign other requests.
i.e. the differnece between a notorized paper and a notorized paper authorizing a person to be a public notory.  Similar paper with a similar notory signature.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now