SSL, How does it work... possible to set up SSL without a CA like Verisign..?
Dear Friendly Folks,
Could anyone explain or point out on the net, how
SSL works? Is it possible to set up a publicly
accessable SSL pages without a certificate from a
CA? (I have full control on the web server
which is unfortunately NT4 IIS4[company policy])
When one visits a SSL secure page, is the CA
server contacted to verify the ertificate?
Sorry a lot of Qs...
Desperately need the info...
Last edited by JumpUp; 09-27-2001 at 02:58 AM.
No, basically a Certificate Authority such as Verisign is contacted when you require SSL on a website/webserver. They then go thru their paces to verify that you (as a company or individual) are indeed who you say you are, etc. etc. You are then emailed a key, for IIS4 in your case. You install that onto your server and you're good to go... also make sure port 443 is open.
You can distribute your own certificates if you run a Certificate Server locally.
EDIT>> You may also find this helpful: http://www.iisfaq.com/SSL/
By the way... Welcome to SYSOPT !!
Last edited by rh71; 09-27-2001 at 03:33 PM.
If you do run your own CertServer from MS or something, you will not be on the list of "Trusted Authorities"
So if you're trying to run an e-commerce site when a potential customer comes up to your site and says I want to now put in my personal information so he goes to that page once you put in page for https and it starts to send the private key to the user his browser is going to throw a fit. Basically it will just bring up a box with a nice little exclamation point stating that your certificate "is not from a trusted authority"
This process really has nothing to do with IIS specifically. In that I mean even if you were to run apache on linux this process still follows and the browser would still come up that you are not a trusted authority.
One case where you could use your own cert server is intranet. Then when they get the warning, they may know its ok.
Hope it helps a little
that helps me too.
Thanks a lot rh71 and vass0922...
Thant helps me a great deal...
Essentially I'm trying to setup ,sort of, an intranet
and wanted the authentication process to be secure
since they will be accessing it while travelling.
So it dosent really matter if it from a CA or not...
From what you have said I understand I will have to run a
Last edited by JumpUp; 09-28-2001 at 04:14 AM.
Yes you will. If you have IIS 4.0 it comes with MS Certificate server and that does allow for 128 bit encryption if I'm not mistaken
New Security Features Planned for Firefox 4
Another Laptop Theft Exposes 21K Patients' Data
Oracle Hits to Road to Pitch Data Center Plans
Microsoft Preps Array of Windows Patches
Microsoft Nears IE9 Beta With Final Preview
Simplified Analytics Improve CRM, BI Tools
Android Passes RIM as Top Mobile OS in 2Q
VMware Updates Hyperic System Management
File Monitoring Key to Enterprise Security
LinkedIn Snaps Up SaaS Player mSpoke