Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

CA certificate

Posted on 2011-02-24
13
Medium Priority
?
779 Views
Last Modified: 2012-06-27
Anyone know the price range for a CA certificate?  I think these are also called Intermediate certs.

thanks.

0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973246
You can find all the info at www.ssl247.com.
The rapid ssl is a good certificate to get you going, also for production. Mind you it is only 128 bits.
For prooven security, you need 256 bits.
0
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973309
So, starts with a free trail, 30 days and one year for 44 dlr.
If you change the server very often, you could upgrade to pro for unlimited reissues.
You can also get 256 bit certificates from RapidSSL, but i don't think the free one is.

rgds
0
 
LVL 79

Expert Comment

by:arnold
ID: 34973446
Does you want to be a public CA or is it for internal use?
For internal use, you can setup your own CA Using openssl or as a service from within windows.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:NYGiantsFan
ID: 34974163
It is for internal use, however higher up does not want to install OpenSSL, Microsoft CA, or any certificate authorities.  They would prefer to use a service like verisign.

They want an intermediate CA certificate.
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 2000 total points
ID: 34974984
To be an intermediary authority you have to setup and configure a CA that will generate a request and be signed by the public entity i.e. verisign.

You can not avoid the setup/configuration of a CA (wheher it is the internal root CA or it is an intermediate/subordinated CA)

0
 

Author Comment

by:NYGiantsFan
ID: 34979022


Why cannot I just by a CA intermediate cert?

Thanks.
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 2000 total points
ID: 34980536
The intermdiate certficate is just that a means by which your Identity is confirmed and authorizes you to sign certificates of your own.
I.e. You can an inermediate certificate from Verisign.
The path of which is
verisign

When you issue a certificate using  a CA where the intermediate certificate is loaded for user, when checking their certificate to confirm their identity the path of the certificate will be
Verisign (as the Ca)
Yourserver (intermediate CA)
User

It is not clear What it is you want to achieve.

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Does your organization wish to be in a position to issue certificates without the need to pay for individual certificates for the web site, personal id, email encryption, etc.?
0
 
LVL 79

Expert Comment

by:arnold
ID: 34980594
0
 

Author Comment

by:NYGiantsFan
ID: 34981261
I just spoke with Entrust, and they told me they don't sell CA Intermediate Certificates.  Which makes sense, because then I could sell certificates.

0
 

Author Comment

by:NYGiantsFan
ID: 34981406
Basically what we are trying to do is set up an SSL Proxy.  The SSL proxy needs a CA Intermediate certificate.  Normally, you could do this, then push out the client certs  to everyone in your network.  We are lazy, and don't want to push out certificates.  Some of the engineers thoughts that you could purchase a SSL CA intermediate certificate to accomplish this.

I don't think you can.

0
 
LVL 79

Expert Comment

by:arnold
ID: 34982665
An SSL proxy needs to be trusted, but any access to a secure site will generate a man in the middle error since the certificate that your proxy will present will not match the site to which the browser is going.

AD GPO can automate the autoenroll process of computers/users for issuance of certificates.
0
 

Author Comment

by:NYGiantsFan
ID: 34996780
Hmmm. I wonder what fields a CA certificate has that a regular Cert doesn't have.


I am guessing a Regular cert has a signature, and a CN.

A CA certificate must have a signature and not a CN.

Sound correct?
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 34998786
They have the same parameters, except that a CA certificate is recognized and can be used to sign other requests.
i.e. the differnece between a notorized paper and a notorized paper authorizing a person to be a public notory.  Similar paper with a similar notory signature.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question