[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

need to issue certificate for an internal application

Posted on 2011-03-25
5
Medium Priority
?
400 Views
Last Modified: 2012-05-11
We are using an SSO product. It supports "self service" password reset from the SSO level layer.

For trusted access it is asking for a valid security certicate for the vault, the installed cert must have the follow characteristics:

The certificate must be issued by a Certification Authority (CA) that is trusted by end users.
The certificate must be in PEM format, a text-based Base64 encoding of the binary DER format.
The certificate file must include an unencrypted private key.
The certificate includes the VIP as the subjectAltName field in the Certificate Signing Request to the CA.
The vault needs to be restarted for the certificate to take effect in Password Reset Operations.


I don't know much about certs except for the ones I've purchased from our ISP for our exchange system to work and another system that uses https:...

this system in question is a totally internal system which cannot be seen from the outside. I have a DC with CA running on it... is that a start?

I have no idea how to have one issued, or how to "request" one.

I've included a screenshot of the Sentillion "install cert" page and of our CA on one of our DC's.

Thanks. server 2003 The current status of the CA windows on the one DC that has this service running
0
Comment
Question by:BryceRichert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Accepted Solution

by:
edster9999 earned 1332 total points
ID: 35219237
You have two options.
1. You can buy a real cert from ay of the providers.  You will need to renew this each time it runs out (you can get them for 1 year or longer periods like 2 or 5 years)
This will work staight away on all machines.
If you want to go this route, google SSL CERT or talk to the ISP you already used.

2. You can issu a self sign cert.  This is where you make a cert yourself.  You will then need to install the cert above it (the signing company (which is you in this case)) on all pcs.
If you want to go this way Google "HOW TO SELF SIGN CERT".
Easiest way is to install OpenSSL and follow instructions posted a million times on the Internet.

0
 

Author Comment

by:BryceRichert
ID: 35219326
do I need a high assurity cert or can I just find the cheapest place?

I have lots of stuff at godaddy.. is this good enough?
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 1332 total points
ID: 35219371
cheapest one.  As long as the CA signer (the signing company) is recognised by all browsers.  Some of the cheaper ones are not.  
Go Daddy is fine.  It is cheap yet still recognised by all (important) browsers
0
 

Assisted Solution

by:busplanner
busplanner earned 668 total points
ID: 35219431
Here's another: http://www.rapidssl.com/  that has worked well for me
0
 

Author Closing Comment

by:BryceRichert
ID: 35252542
thanks.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question