> From: Michael DeMond [mailto:mich...@dragonspark.us]
>
> You have mentioned StartSSL twice now and after taking a look into it, it does
> look promising. I basically need a signed certificate from them, one that
> would allow me to specify the serial number and/or extensions, and I will be
> good to go.

Here is a step-by-step guide that I wrote:
http://downloads.conceptblossom.com/synctuary/Trusted_Cert_StartSSL.pdf

Unfortunately, it's out of date, as they updated their website a few weeks ago, but conceptually it should be the same. If you complete up to page 19, you have created an identity cert, which is used to authenticate to their webpage. For an example, quit out of IE and browse back there again. When you click Authenticate, the OS will prompt you, "Do you want IE to access your cert?" I have another guide somewhere for Firefox, Chrome, and Safari, but the process is the same. It's just different browser dialogues.

This process might be enlightening to you, but I don't think it's likely to help you with your Azure thing. Because the page you referenced was specifically Azure AD, I expect the Azure solution will involve creating a Microsoft Certificate server (CA) and registering user certs or device certs to user and computer accounts in AD.

> I am interested in hearing about asymmetric keys, but I do not think that

You're already familiar with asymmetric keys, if you use ssh with key authentication. ssh-keygen (Unix/Linux) or puttygen (in Windows) allows you to generate a public/private keypair, and then you upload the public key to the server somehow, and then your client is able to authenticate automatically using the private key.

Good luck. :-)