Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 782
  • Last Modified:

CA certificate

Anyone know the price range for a CA certificate?  I think these are also called Intermediate certs.

thanks.

0
NYGiantsFan
Asked:
NYGiantsFan
  • 6
  • 5
  • 2
3 Solutions
 
rob_AXSNLCommented:
You can find all the info at www.ssl247.com.
The rapid ssl is a good certificate to get you going, also for production. Mind you it is only 128 bits.
For prooven security, you need 256 bits.
0
 
rob_AXSNLCommented:
So, starts with a free trail, 30 days and one year for 44 dlr.
If you change the server very often, you could upgrade to pro for unlimited reissues.
You can also get 256 bit certificates from RapidSSL, but i don't think the free one is.

rgds
0
 
arnoldCommented:
Does you want to be a public CA or is it for internal use?
For internal use, you can setup your own CA Using openssl or as a service from within windows.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
NYGiantsFanAuthor Commented:
It is for internal use, however higher up does not want to install OpenSSL, Microsoft CA, or any certificate authorities.  They would prefer to use a service like verisign.

They want an intermediate CA certificate.
0
 
arnoldCommented:
To be an intermediary authority you have to setup and configure a CA that will generate a request and be signed by the public entity i.e. verisign.

You can not avoid the setup/configuration of a CA (wheher it is the internal root CA or it is an intermediate/subordinated CA)

0
 
NYGiantsFanAuthor Commented:


Why cannot I just by a CA intermediate cert?

Thanks.
0
 
arnoldCommented:
The intermdiate certficate is just that a means by which your Identity is confirmed and authorizes you to sign certificates of your own.
I.e. You can an inermediate certificate from Verisign.
The path of which is
verisign

When you issue a certificate using  a CA where the intermediate certificate is loaded for user, when checking their certificate to confirm their identity the path of the certificate will be
Verisign (as the Ca)
Yourserver (intermediate CA)
User

It is not clear What it is you want to achieve.

http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

Does your organization wish to be in a position to issue certificates without the need to pay for individual certificates for the web site, personal id, email encryption, etc.?
0
 
arnoldCommented:
0
 
NYGiantsFanAuthor Commented:
I just spoke with Entrust, and they told me they don't sell CA Intermediate Certificates.  Which makes sense, because then I could sell certificates.

0
 
NYGiantsFanAuthor Commented:
Basically what we are trying to do is set up an SSL Proxy.  The SSL proxy needs a CA Intermediate certificate.  Normally, you could do this, then push out the client certs  to everyone in your network.  We are lazy, and don't want to push out certificates.  Some of the engineers thoughts that you could purchase a SSL CA intermediate certificate to accomplish this.

I don't think you can.

0
 
arnoldCommented:
An SSL proxy needs to be trusted, but any access to a secure site will generate a man in the middle error since the certificate that your proxy will present will not match the site to which the browser is going.

AD GPO can automate the autoenroll process of computers/users for issuance of certificates.
0
 
NYGiantsFanAuthor Commented:
Hmmm. I wonder what fields a CA certificate has that a regular Cert doesn't have.


I am guessing a Regular cert has a signature, and a CN.

A CA certificate must have a signature and not a CN.

Sound correct?
0
 
arnoldCommented:
They have the same parameters, except that a CA certificate is recognized and can be used to sign other requests.
i.e. the differnece between a notorized paper and a notorized paper authorizing a person to be a public notory.  Similar paper with a similar notory signature.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now