Re: certificate server

Tom Traband Mon, 06 Nov 2000 09:54:02 -0800
Comments inline.

"Jim Bond" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello,
>
> I'm kind of confused on certificate servers:
> 1. Is the certificate for devices (host, router etc.)
> or persons?

Either one. Remeber that a certificate is really a "validated" (by  a
certificate authority) Public key of a key pair. A CA validates the pair,
but the key pair can be "owned" by a device or a person

> 2. Do I have to use seperate certificates on web
> browsing, email, file transfer etc? If not, how does
> the certificate handle all these?

You can use the same certificate for these, or you can have any number of
certificates and designate what each of them should be used for.
Server-provided services generally leverage a server-based certificate in
some way (like SSL does) while e-mail is usually covered by a user (or
client) certificate. Part of the x.509v3 specification includes fields for
"accepted applications," e.g. use for personal e-mail and posting, but not
for credit transactions.

For web browsing, you usually read in the trusted root of the certificate
authority into the browser (if it wasn't there already) and that makes it
easier to accept content "signed" by a certificate validated by that CA.
Otherwise you are prompted to accept certificates on a one-at-a-time basis
as you hit encrypted of protected content.

Your e-mail client software should provide you with info on how to set up
certificates. Each program is a bit different here.

> 3. Is windows 2000 certificate server a good choice
> for enterprise? Or Netscape a good one?
> Thanks in advance.

Can't say, I've only used Netware 5.1 as a CA. It works very well, and
stores certificates either as properties of the user objects, or as separate
NDS objects for servers, etc.

>
> Jim
>
> __________________________________________________
> Do You Yahoo!?
> Thousands of Stores.  Millions of Products.  All in one Place.
> http://shopping.yahoo.com/
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: certificate server

Reply via email to
