setting up a certificate authority

setting up a certificate authority

Post by David M. Mehring » Tue, 02 Feb 1999 04:00:00



Hi,
Can anyone tell me where I can find info on what is involved in setting
up and running a certificate authority?  This would be for a small
group of users only so that code written by developers in the group
can be authenticated by the end users in the group.


Thanks!

--
David Mehringer, Ph.D.            University of Illinois  

BIMA Data Archivist               Urbana, IL 61801 USA
http://monet.astro.uiuc.edu/~dmehring/dmehring.html

 
 
 

setting up a certificate authority

Post by Scott Nelso » Tue, 02 Feb 1999 04:00:00


>Can anyone tell me where I can find info on what is involved in setting
>up and running a certificate authority?  This would be for a small
>group of users only so that code written by developers in the group
>can be authenticated by the end users in the group.



Could you please post a summary?  I am interested in the same thing and
perhaps others are too.

I have gpg and pgp and ssleay.

 
 
 

setting up a certificate authority

Post by David M. Mehring » Tue, 02 Feb 1999 04:00:00


Hi,
Can anyone tell me where I can find info on what is involved in setting
up and running a certificate authority?  This would be for a small
group of users only so that code written by developers in the group
can be authenticated by the end users in the group.


Thanks!

--
David Mehringer, Ph.D.            University of Illinois  

BIMA Data Archivist               Urbana, IL 61801 USA
http://monet.astro.uiuc.edu/~dmehring/dmehring.html

 
 
 

setting up a certificate authority

Post by Miguel Cr » Tue, 02 Feb 1999 04:00:00


(posted and mailed)


Quote:> Can anyone tell me where I can find info on what is involved in setting
> up and running a certificate authority?  This would be for a small
> group of users only so that code written by developers in the group
> can be authenticated by the end users in the group.

Basically, about 15 minutes' work. Read the documentation that comes with
Apache-SSL (that part will take substantially longer than 15 minutes).

miguel

 
 
 

setting up a certificate authority

Post by Martin Ouweha » Wed, 03 Feb 1999 04:00:00




] Can anyone tell me where I can find info on what is involved in setting
] up and running a certificate authority?  This would be for a small
] group of users only so that code written by developers in the group
] can be authenticated by the end users in the group.

I've written a summary of my experiences of setting-up a certification
authority with the help of Eric Young's SSLeay software. It's available at:

        http://cognac.epfl.ch/SIC/SL/CA/

--
  | ~~~~~~~~ Martin Ouwehand ~ Swiss Federal Institute of Technology ~ Lausanne
__|_________ Email/PGP: http://slwww.epfl.ch/SIC/SL/info/Martin.html __________
Les gens superstitieux portent malheur                               [C. Juvet]

 
 
 

setting up a certificate authority

Post by S.S. » Wed, 03 Feb 1999 04:00:00


With my limited experiences, I'll try to answer your question...

You can use a 3rd party CA for the setup, like Entrust or Verisign or GTE.
You can simply click on your browser under "security" and see a list of CA
issuers.  Just pick one of them....

Now if you wanted to encrypt email communication between you and the reader.
That is a bit difference and may require some research on your part.

Most CA issuers will say their cert. allows you to do S-MINE.  Which in most
part is true.  But you need to research more on how each vendor implement
the LDAP and find one that suit your need best....

CA is a new tech.  and there are lots of "unknown" out there......

 
 
 

setting up a certificate authority

Post by Yu Hai' » Thu, 04 Feb 1999 04:00:00




>] Can anyone tell me where I can find info on what is involved in setting
>] up and running a certificate authority?  This would be for a small
>] group of users only so that code written by developers in the group
>] can be authenticated by the end users in the group.

>I've written a summary of my experiences of setting-up a certification
>authority with the help of Eric Young's SSLeay software. It's available at:

>    http://cognac.epfl.ch/SIC/SL/CA/

I don't have unix. Can NT server 4.0 be a CA? Is M$ certificate server
do the same / almost the same thing?

please e-mail me as well.
Thank you in advance
--
Herbert

 
 
 

setting up a certificate authority

Post by Yu Hai' » Thu, 04 Feb 1999 04:00:00


May be you misunderstand his question. What he need is a certificated
server not certifited e-mail.

Hope I do not misunderstand you.

Ha Ha :-)

Quote:>With my limited experiences, I'll try to answer your question...

>You can use a 3rd party CA for the setup, like Entrust or Verisign or GTE.
>You can simply click on your browser under "security" and see a list of CA
>issuers.  Just pick one of them....

>Now if you wanted to encrypt email communication between you and the reader.
>That is a bit difference and may require some research on your part.

>Most CA issuers will say their cert. allows you to do S-MINE.  Which in most
>part is true.  But you need to research more on how each vendor implement
>the LDAP and find one that suit your need best....

>CA is a new tech.  and there are lots of "unknown" out there......

 
 
 

setting up a certificate authority

Post by Martin Ouweha » Fri, 05 Feb 1999 04:00:00




] >I've written a summary of my experiences of setting-up a certification
] >authority with the help of Eric Young's SSLeay software. It's available at:
] >
] >  http://cognac.epfl.ch/SIC/SL/CA/
]
] I don't have unix. Can NT server 4.0 be a CA? Is M$ certificate server
] do the same / almost the same thing?

I have no experience with NT, so I can't tell. But it should be possible
to use SSLeay anywhere there's a C compiler and set-up a CA.

--
  | ~~~~~~~~ Martin Ouwehand ~ Swiss Federal Institute of Technology ~ Lausanne
__|_________ Email/PGP: http://slwww.epfl.ch/SIC/SL/info/Martin.html __________
Error message haiku:     Chaos reigns within / Reflect, repent,
                         and reboot / Order shall return            [S. Wagner]

 
 
 

setting up a certificate authority

Post by Alan Strassbe » Sun, 07 Feb 1999 04:00:00




Quote:>Hi,
>Can anyone tell me where I can find info on what is involved in setting
>up and running a certificate authority?  This would be for a small
>group of users only so that code written by developers in the group
>can be authenticated by the end users in the group.

        One project is Oscar ...

        http://www.dstc.qut.edu.au/MSU/projects/pki/

                                alan
--

 
 
 

setting up a certificate authority

Post by Matt Bi » Wed, 10 Feb 1999 04:00:00


I coulda swore Yu Hai'an said:
[I don't have unix. Can NT server 4.0 be a CA? Is M$ certificate server
[do the same / almost the same thing?

I've never used MS CS, but SSLeay can run under NT. And it's
distributed with source, what a deal.

--


Key fingerprint =  16 F7 69 A2 78 AC 83 7E  AD 04 BE 82 90 B0 47 58
Deus ex machina

 
 
 

setting up a certificate authority

Post by Michael Kafk » Wed, 10 Feb 1999 04:00:00


[..........................]

> I don't have unix. Can NT server 4.0 be a CA? Is M$ certificate server
> do the same / almost the same thing?

> please e-mail me as well.
> Thank you in advance
> --
> Herbert


there are some NT-based products i heard of:
e.g. Verisign Onsite for NT, I'm planning to install this soon
for my security-lab (IPsec etc...)

hope this helps, Michael Kafka