Re: "intermediate" CA status?

lin geng Fri, 10 Dec 1999 18:30:31 -0800

-----Original Message-----
From: Hakan Tandogan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, December 09, 1999 11:52 AM
Subject: "intermediate" CA status?


>
> Hi,
>
> We are designing a Web-bases application that will use client
>certificates as an alternate possibility of authentification. There seem to
be
>xxx options.
>
> First, we could create our own CA and assign the users self-generated
>certificates. This has the drawback that the user get all those warning
dialogs
>(our user will most likely be the non-technical, easy-to-panic type).
>
> Another possibility would be to have them get certificates from, say,
>thawte. We would map those certificates to our internal database. Downside:
the
>users will have to go to another server they possibly know nothing about.
>Remember that they are most likely non-technical people.
>
> This leads to the third version, of which I don't know if it is
>possible at all. Does any of the well-known root-CA's assign "intermediate"
>certificates, allowing us to create client certificates without "shocking"
the
>users with the warning dialogs?


I think the answer is yes.  You can be your own CA but not a root CA.
Verisign, for instance, will issue you a CA certificate.  You can then be
part of the certificate chain and start issueing certificates.  They
probablly charge you depending on the number of certs you want to issue.

Cheers

>
> I would be most grateful for any further versions to consider.
>
>
> Regards,
> Hakan
>
>--
>Hakan Tandogan                                       [EMAIL PROTECTED]
>
>ICONSULT Tandogan - Egerer GbR                   Tel.: +49-9131-9047-0
>Memelstrasse 38 - D-91052 Erlangen               Fax.: +49-9131-9047-77
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Re: "intermediate" CA status?

Reply via email to
