Hi Steve. I think I can help you on this one. Give me a call at 215-538-3535
and ask for Tom Nichols.
Steve wrote:
> Hello All,
>
> I have a question regarding the use of certificates in IE 5+ and Netscape
> 4.7+. We have written a small customised SSL web server using OpenSSL,
> etc... This web server is only to be made available to employees of the
> customer company, using SSL to secure the link and a login mechanism to
> validate users.
> Up until now we have always tested it using a self-signed cert/key pair, but
> soon we will be installing it in several customer sites which leads us to
> the question:
>
> Can we apply for a certificate from a CA and us it to sign the certificates
> for our customers, ie. can we chain the certificates in a hierarchical
> manner?
>
> If we couldn't do this, what would be the issues to consider about issuing
> certificates to our customers signed only by us, bearing in mind that the
> trust issue is simpler for us as all parties already have a stronger trust
> by being collegues etc... I understand that the browser will bitch a bit
> about untrusted certificates but that they can be accepted/trusted after the
> first use.
>
> I would also assume that the certificates of the CA's have been hard-wired
> into their EXE's so that installing our certificate into the browser a new
> CA is impossible? I'm guessing on this one.
>
> Any light-shedding would be appreciated,
>
> TIA,
>
> Stephen.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
