WebApp Sec mailing list archives
Re: Open Source Certificate authority
From: Chackan Lai <calai () usa net>
Date: Tue, 23 Sep 2003 11:39:16 -0700
Hi,The warnings happen because the root CA certificates are not installed on the client browser. If your application do not use a browser, just install the entire certificate chain on the client/server application and you would not see any certificate warnings. Unless you install the certificate chain, any certificates issued would still generate the warning regardless of Openssl or MS cert authority.
Regards, Chackan Jared Ingersoll wrote:
Thanks for all of the useful info. Let me narrow my request one step more so I don't spend any time installing and configuring something that does not work. The point of using an alternate Certificate Authority is to mimic the exact communication between the client and server. Our application has an interface to it that 3rd parties develop their own tools to utilize. These tools are not browsers. Anything like a certificate warning for the certificate authority, mismatch domain name or (expiration) will cause the exchange of information to fail (or error out). The automated tools we use in testing behave the same. So to clarify: 1. Is there an app that anyone is familiar with that will duplicate Verisign's Certificate Authority in a way that would eliminate any type of warning. (It seems like apache and openssl are out). 2. Does freshmeats.com's CAtool, MS Cert Authority, or any other software supply certificates that would not present any warning message? Thanks again! Jared -----Original Message----- From: Don Fike [mailto:fike () cs utk edu] Sent: Tuesday, September 23, 2003 11:08 AM To: Jared Ingersoll Cc: 'sectools () securityfocus com'; 'webappsec () securityfocus com' Subject: Re: Open Source Certificate authority You can try using openssl; http://www.openssl.org/docs/HOWTO/keys.txt http://www.openssl.org/docs/HOWTO/certificates.txt On Tue, 23 Sep 2003, Jared Ingersoll wrote:Hi Folks, I am looking for an open source or freely available tool (and/or documentation) that I can use to create 40-bit https certificates to useinconjunction with iPLanet 6 (SunOne) enterprise servers on SunOS. We currently are in the middle of a project of creating a QA environmentwherewe need to duplicate several sites served over https. Obviously, thesecertswill need to work with common browsers such as IE and Netscape. Currentlyweuse verisign to create these certs, but at $250 a pop, the cost adds up quickly. I'm open to any unix variant or MS platform. gracias, jared.
Current thread:
- Open Source Certificate authority Jared Ingersoll (Sep 23)
- Re: Open Source Certificate authority Don Fike (Sep 23)
- Re: Open Source Certificate authority Keith W. McCammon (Sep 23)
- <Possible follow-ups>
- RE: Open Source Certificate authority Tenorio, Leandro (Sep 23)
- RE: Open Source Certificate authority Jared Ingersoll (Sep 23)
- Re: Open Source Certificate authority Alex Russell (Sep 23)
- Re: Open Source Certificate authority George W. Capehart (Sep 24)
- Re: Open Source Certificate authority Chackan Lai (Sep 23)
- Re: Open Source Certificate authority Keith W. McCammon (Sep 24)
- RE: Open Source Certificate authority Dave Ockwell-Jenner (Sep 24)
- Re: Open Source Certificate authority Dorian Moore (Sep 24)
- RE: Open Source Certificate authority TUER, DON (Sep 24)
- Re: Open Source Certificate authority Alex Russell (Sep 23)
- RE: Open Source Certificate authority Lapinski, Michael (Research) (Sep 23)
- RE: Open Source Certificate authority Tenorio, Leandro (Sep 23)
- RE: Open Source Certificate authority Chip Kelly (Sep 24)
- RE: Open Source Certificate authority Lapinski, Michael (Research) (Sep 24)
- RE: Open Source Certificate authority Jared Ingersoll (Sep 24)
- RE: Open Source Certificate authority Law, Gary, (FNB) (Sep 24)
(Thread continues...)