I am a relative newbie to SSL certs but really want to understand them better and use them to help my clients.
Here's my basic goal:
- generate certificates for client users like Jane Doe at XYZ Inc., John Doe at XYZ Inc., ..., Larry Doe at ABC Inc., Paul Doe at ABC Inc., ...
- I want them to authenticate by login, password and private/client certificate
- I have a web site which displays information based on the above authentication. The same page displays info based on your company affiliation (database and certificate)
- Everyone at XYZ Inc. can view their information only. That client's cert decrypts their data from the database so no one but that company can read their data even if the database was stolen.

Here's what I have read and learned:
- the web server encrypts using the public key
- if the data to encrypt > 56 bytes:
  - generate a random key
  - encrypt using symmetric encryption with that key
  - encrypt the key using the public key
  - store the encrypted random key in a db field
- if the data to encrypt <= 56 bytes:
  - encrypt the data to the db field using the public key

What I am trying to get my hands around (looking for reading material on these):
- would everyone from the same company use the same private key or would you issue a separate one to each person?
- is there any easy way to manage all these keys?
- if you chose not to self-sign, do CAs charge for each private cert?
- I have a web site with a self-signed cert that was generated by the hosting company. Let's assume I want to use the self-signed cert to generate all private certs.
  - is the self-signed cert what I use for the CA?
  - would I generate a new cert from the CA (me) for each client and use that client cert to generate private certs for everyone at the client?

You can see I am at the beginning stages of my learning and appreciate any links or recommended reading material to help me through this as quickly as possible. Many thanks!

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
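The envelope scheme the post sketches (a random symmetric key encrypts the record, the client's public key encrypts that key, and only the wrapped key is stored beside the data), shown with the openssl command line as an added example that is not from the original post. The temp-directory paths, the 2048-bit demo key pair and the AES-256-CBC choice are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): envelope encryption with the
# openssl CLI. A random AES key encrypts the record; the RSA public key wraps
# that key; both ciphertexts (plus the IV) are what a database row would hold.
# Paths and key sizes are assumptions chosen for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Demo key pair. In the real deployment the private key stays with the client.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/client.key" 2>/dev/null
    openssl pkey -in "$WORK/client.key" -pubout -out "$WORK/client.pub"
}

# envelope_encrypt <plaintext-file> <public-key> <out-prefix>
envelope_encrypt() {
    openssl rand -hex 32 > "$3.key.hex"   # 256-bit data key, hex for -K
    openssl rand -hex 16 > "$3.iv.hex"    # IV is not secret; stored in clear
    openssl enc -aes-256-cbc -K "$(cat "$3.key.hex")" -iv "$(cat "$3.iv.hex")" \
        -in "$1" -out "$3.data.enc"
    # Wrap the data key with the public key (OAEP padding).
    openssl pkeyutl -encrypt -pubin -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$3.key.hex" -out "$3.key.enc"
    rm "$3.key.hex"   # only the wrapped copy of the data key is kept
}

# envelope_decrypt <private-key> <in-prefix> <plaintext-out>
envelope_decrypt() {
    KEYHEX=$(openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2.key.enc")
    openssl enc -d -aes-256-cbc -K "$KEYHEX" -iv "$(cat "$2.iv.hex")" \
        -in "$2.data.enc" -out "$3"
}

# Round trip on a constructed record; returns 0 when decryption matches.
roundtrip() {
    gen_keys
    printf 'XYZ Inc. quarterly figures: 1234' > "$WORK/record.txt"
    envelope_encrypt "$WORK/record.txt" "$WORK/client.pub" "$WORK/row"
    envelope_decrypt "$WORK/client.key" "$WORK/row" "$WORK/record.dec"
    cmp -s "$WORK/record.txt" "$WORK/record.dec"
}
```

Without the client's private key, a copy of the stored row (`row.data.enc`, `row.key.enc`, `row.iv.hex`) cannot be decrypted, which is the property the post wants for a stolen database.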
