> From: Michael DeMond [mailto:mich...@dragonspark.us]
>
> Apologies if I have or am already breaking any sort of rules and/or protocol
> here in reaching out to you here.

Your email is completely appropriate here. There is also a strong community on Stack Overflow, and http://crypto.stackexchange.com/

> Anyways, my question is actually the same as the question asked within the
> comments of this blog post, and that is: is it possible to generate a
> certificate from a provided CA root certificate? I am learning about all of
> this, and I *mostly* have things working in the test environment, but at some
> point I will have to put the big boy pants on, and use a trusted certificate
> from an external source (from what I understand). Will I be able to use this
> approach with that certificate?

Unless I miss my guess, you seem to not really understand how certificates work, or even, what exactly they are.

My first response is to say: If what you want is the academic learning experience, start by reading Cryptography Engineering, and/or attend an intro to cryptography class. There is a free video course on Coursera, and probably other locations too. I've done both of these, and personally I think the book is better, but the Coursera class is also very good.

If your goal is to use something practical, rather than learn everything about cryptography, you should probably just get a real cert from a trusted CA. Free certs are available from https://startssl.com or https://letsencrypt.org. There are also various low-cost cert providers (like $11/yr) for example https://namecheap.com.

You can create a self-signed cert, but then you should never expose it to the internet, so what's the point. If you know enough to tell me the nuances of when it would be ok and my overly broad generalized statement here is wrong - then you wouldn't be asking this question. ;-)

You can create your own private CA, and build and deploy a private key infrastructure (PKI), but if you want to do this, you really should have a solid understanding of cryptography first. It's a lot of work, very complex, with lots of ways to shoot yourself.
Most likely you wouldn't do that in a programming language such as C#; most likely you would use some preexisting tools such as openssl.