At 07:02 PM 5/23/00, you wrote:
>I feel everyone is missing the point.
>
>What do I do as a company when I want to "acquire" 1,000's of user certs so
>that my users can (e.g.) use IPSec VPN solutions over the Internet to
>access corporate services?
Simple answer, you don't. IPSec does not require a 'public' cert, .. most IPSec
systems we have configured just generate their own (I think, .. at least we have never
had to deal with an external cert). We then issue *client* certs for the remote
routers.
>I don't _need_ a major CA to be guaranteeing the validity - I need to be the
>CA!
True! The only reason to subscribe to a Certified Cert is if you want to avoid users
getting the 'do you trust this source' message.
>Other commercial outfits are producing CAs (Microsoft come to mind - anyone
>running Active Directory!?!?!?), so why cannot there be an Opensource one?!?!?
I must have missed something in this thread? Is there a problem with openca
(www.openca.org)??
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
