Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: Open Source Certificate authority
From: TUER, DON (don.tuercgi.com)
Date: Tue Sep 23 2003 - 13:11:25 CDT
Windows 2000 comes with a certificate server that you can generate
any type you might need. To avoid the errors you need to import the root
server certificate so any subordinate certificates don't generate an error.
This will be true for any certificate generated by a certificate server that
is not listed as one of the trusted root certificate authorities. For
Windows 2000 you do this through the MMC snap-in for certificate management.
From: Jared Ingersoll [mailto:jaredcswv.com]
Sent: September 23, 2003 12:11 PM
To: 'sectoolssecurityfocus.com'; 'webappsecsecurityfocus.com'
Subject: RE: Open Source Certificate authority
Thanks for all of the useful info. Let me narrow my request one step more so
I don't spend any time installing and configuring something that does not
work. The point of using an alternate Certificate Authority is to mimic the
exact communication between the client and server. Our application has an
interface to it that 3rd parties develop their own tools to utilize. These
tools are not browsers. Anything like a certificate warning for the
certificate authority, mismatch domain name or (expiration) will cause the
exchange of information to fail (or error out). The automated tools we use
in testing behave the same. So to clarify:
1. Is there an app that anyone is familiar with that will duplicate
Verisign's Certificate Authority in a way that would eliminate any type of
warning. (It seems like apache and openssl are out).
2. Does freshmeats.com's CAtool, MS Cert Authority, or any other software
supply certificates that would not present any warning message?
From: Don Fike [mailto:fikecs.utk.edu]
Sent: Tuesday, September 23, 2003 11:08 AM
To: Jared Ingersoll
Cc: 'sectoolssecurityfocus.com'; 'webappsecsecurityfocus.com'
Subject: Re: Open Source Certificate authority
You can try using openssl;
On Tue, 23 Sep 2003, Jared Ingersoll wrote:
> Hi Folks,
> I am looking for an open source or freely available tool (and/or
> documentation) that I can use to create 40-bit https certificates to use
> conjunction with iPLanet 6 (SunOne) enterprise servers on SunOS. We
> currently are in the middle of a project of creating a QA environment
> we need to duplicate several sites served over https. Obviously, these
> will need to work with common browsers such as IE and Netscape. Currently
> use verisign to create these certs, but at $250 a pop, the cost adds up
> quickly. I'm open to any unix variant or MS platform.