The user is supposed to create his key pair on his machine and send out the
certificate request. If you are doing everything, then you have the
opportuty to compromise his private key. Technically, this is not a
corrrect way to do certification.
Cheers
lin geng
-----Original Message-----
From: Mark Weaver <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: Mark and Mary Beth <[EMAIL PROTECTED]>
Date: Friday, June 04, 1999 6:11 PM
Subject: Certificate Authority
>Hello:
>
>Not sure if this is the right place to post this question, but
>maybe someone can direct me.
>
>
>I am a Certificate Authority for an office project. We use Netscape
>Certificate Server software (part of Suitespot). Currently, when a
>user requests a certificate, they have to go through several popup
>windows to download a certificate in order to access the form on the
>certificate server. For some users this is a no brainer and everything
>works fine, but for some users they would rather have their teeth
>pulled then to deal with popup windows.
>
>Once the user submits their request, I as certificate authority
>review the request, assign it "me" and issue the certificate. I then
>send them an email with the location of where to pick up the
>certificate. When they import the certificate, they once again have
>to go through a number of popup windows.
>
>Is there a way to have the user email me information applicable
>to the project, and I go through a series of windows that creates
>the certificate for them, and make the importation of the certificate
>as painless as possible.
>
>I do not think we are using Apache.
>
>Microsoft IE is not an option (nor something I want to use).
>
>Any help would be appreciated. Are there any web pages that
>deal with Certificates and Cert Authorities?
>
>Thanks,
>
>Mark Weaver
>
>--
>Mark and Mary Beth Weaver
>410-203-2893(H)
>[EMAIL PROTECTED]
>http://members.bellatlantic.net/~mmweave1/index.html
>
>
>***************************************
>The time travel committee will
>meet at 1200 hours 15 Aug 98.
>Please be on time.
>If you are late, come back earlier.
>***************************************
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
