Solved

ADCS vs. self-signed certificates

Posted on 2013-06-12
2
781 Views
Last Modified: 2013-06-13
Hello -

I am at a cross road with our Digital Signature project. Our goal is to provide the ability to digitally sign in-house PDFs. The PDFs will not leave the organization.

Solution #1: I have installed and configured Active Directory Certificate Services and have been working out a problem with publishing the Delta CRL. This solution is still dysfunctional.

Solution #2: Another suggestion was made that I use self-signed certificates, created by Adobe, and placed on protected shares accessible to the various groups within our organization. When a PDF needs a signature the user may select his/her .pfx from the share & authenticate identify with password.

My question are:

1. Which method is preferred? I suspect #1 is more secure.
2. Is solution #2 a legitimate option?
3. What is your experience with either solution?

Thank you kindly
0
Comment
Question by:ozihandicraft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
arnold earned 350 total points
ID: 39243439
The difference is manageability and continuity.
Using ADCS you can publish the internal CA's Certificate as trusted through out the organization and thus all documents signed by a certificate issued by this CA will be seen as trusted. you can issue certificates to users/systems.
The publishing of the CA CRL/Root certificate is part of the GPO and should be included in the default domain policy computer configuration/security settings/

Using a self-signed certificate every so often may mean that the users will be presented over time with a warning that the signing certficate is not-trusted and whether they want to proceed.

1) is as you point out a logterm solution.
2) is used when the need it limited/immediate i.e. you need something right away and do not need to go through messing with the ADCS setup/configuration/

1 is the way to go.  Make sure to backup the CA regularly (when certificates are issued/or the CA certificate is renewed)
This way should the system experience a hardware failure, you can always restore the CA on another system.
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 150 total points
ID: 39243623
as noted above self signed certificates require an import for each certificate that the user has to interact with.. A central CA means you only have to interact (and many times not even that) with the root domain certificate  and import it into your trusted root authorities.. a Central CA is better if you have a lot of users and it keeps the certificate store on the computers at a manageable level.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Sometimes we receive PDF files that are in the wrong orientation. They may be sideways or even upside down. This most commonly happens with scanned or faxed documents. It is possible to rotate the view of these PDFs with the free Adobe Reader produc…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question