Solved

CA certificate

Posted on 2011-02-24
13
767 Views
Last Modified: 2012-06-27
Anyone know the price range for a CA certificate?  I think these are also called Intermediate certs.

thanks.

0
Comment
Question by:NYGiantsFan
  • 6
  • 5
  • 2
13 Comments
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973246
You can find all the info at www.ssl247.com.
The rapid ssl is a good certificate to get you going, also for production. Mind you it is only 128 bits.
For prooven security, you need 256 bits.
0
 
LVL 3

Expert Comment

by:rob_AXSNL
ID: 34973309
So, starts with a free trail, 30 days and one year for 44 dlr.
If you change the server very often, you could upgrade to pro for unlimited reissues.
You can also get 256 bit certificates from RapidSSL, but i don't think the free one is.

rgds
0
 
LVL 77

Expert Comment

by:arnold
ID: 34973446
Does you want to be a public CA or is it for internal use?
For internal use, you can setup your own CA Using openssl or as a service from within windows.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:NYGiantsFan
ID: 34974163
It is for internal use, however higher up does not want to install OpenSSL, Microsoft CA, or any certificate authorities.  They would prefer to use a service like verisign.

They want an intermediate CA certificate.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34974984
To be an intermediary authority you have to setup and configure a CA that will generate a request and be signed by the public entity i.e. verisign.

You can not avoid the setup/configuration of a CA (wheher it is the internal root CA or it is an intermediate/subordinated CA)

0
 

Author Comment

by:NYGiantsFan
ID: 34979022


Why cannot I just by a CA intermediate cert?

Thanks.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 34980536
The intermdiate certficate is just that a means by which your Identity is confirmed and authorizes you to sign certificates of your own.
I.e. You can an inermediate certificate from Verisign.
The path of which is
verisign

When you issue a certificate using  a CA where the intermediate certificate is loaded for user, when checking their certificate to confirm their identity the path of the certificate will be
Verisign (as the Ca)
Yourserver (intermediate CA)
User

It is not clear What it is you want to achieve.

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Does your organization wish to be in a position to issue certificates without the need to pay for individual certificates for the web site, personal id, email encryption, etc.?
0
 
LVL 77

Expert Comment

by:arnold
ID: 34980594
0
 

Author Comment

by:NYGiantsFan
ID: 34981261
I just spoke with Entrust, and they told me they don't sell CA Intermediate Certificates.  Which makes sense, because then I could sell certificates.

0
 

Author Comment

by:NYGiantsFan
ID: 34981406
Basically what we are trying to do is set up an SSL Proxy.  The SSL proxy needs a CA Intermediate certificate.  Normally, you could do this, then push out the client certs  to everyone in your network.  We are lazy, and don't want to push out certificates.  Some of the engineers thoughts that you could purchase a SSL CA intermediate certificate to accomplish this.

I don't think you can.

0
 
LVL 77

Expert Comment

by:arnold
ID: 34982665
An SSL proxy needs to be trusted, but any access to a secure site will generate a man in the middle error since the certificate that your proxy will present will not match the site to which the browser is going.

AD GPO can automate the autoenroll process of computers/users for issuance of certificates.
0
 

Author Comment

by:NYGiantsFan
ID: 34996780
Hmmm. I wonder what fields a CA certificate has that a regular Cert doesn't have.


I am guessing a Regular cert has a signature, and a CN.

A CA certificate must have a signature and not a CN.

Sound correct?
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 34998786
They have the same parameters, except that a CA certificate is recognized and can be used to sign other requests.
i.e. the differnece between a notorized paper and a notorized paper authorizing a person to be a public notory.  Similar paper with a similar notory signature.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question