WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Open Source Certificate authority

From: "Tenorio, Leandro" <ltenorio () intelaction com>
Date: Tue, 23 Sep 2003 14:12:14 -0300
U will receive a warning message unless u use a truhtfully certicate
autority like verisign. On the other hand if you install the certificate
created with any product the first time u use, u will never receive a
warning message again.



-----Original Message-----
From: Jared Ingersoll [mailto:jared () cswv com] 
Sent: Tuesday, September 23, 2003 1:11 PM
To: 'sectools () securityfocus com'; 'webappsec () securityfocus com'
Subject: RE: Open Source Certificate authority

Thanks for all of the useful info. Let me narrow my request one step
more so I don't spend any time installing and configuring something that
does not work.  The point of using an alternate Certificate Authority is
to mimic the exact communication between the client and server. Our
application has an interface to it that 3rd parties develop their own
tools to utilize. These tools are not browsers. Anything like a
certificate warning for the certificate authority, mismatch domain name
or (expiration) will cause the exchange of information to fail (or error
out). The automated tools we use in testing behave the same. So to
clarify:

1. Is there an app that anyone is familiar with that will duplicate
Verisign's Certificate Authority in a way that would eliminate any type
of warning. (It seems like apache and openssl are out).
2. Does freshmeats.com's CAtool, MS Cert Authority, or any other
software supply certificates that would not present any warning message?

Thanks again!

Jared

-----Original Message-----
From: Don Fike [mailto:fike () cs utk edu]
Sent: Tuesday, September 23, 2003 11:08 AM
To: Jared Ingersoll
Cc: 'sectools () securityfocus com'; 'webappsec () securityfocus com'
Subject: Re: Open Source Certificate authority



You can try using openssl;

http://www.openssl.org/docs/HOWTO/keys.txt

http://www.openssl.org/docs/HOWTO/certificates.txt



On Tue, 23 Sep 2003, Jared Ingersoll wrote:


Hi Folks,

I am looking for an open source or freely available tool (and/or
documentation) that I can use to create 40-bit https certificates to 
use

in

conjunction with iPLanet 6 (SunOne) enterprise servers on SunOS. We 
currently are in the middle of a project of creating a QA environment

where

we need to duplicate several sites served over https. Obviously, these

certs

will need to work with common browsers such as IE and Netscape. 
Currently

we

use verisign to create these certs, but at $250 a pop, the cost adds 
up quickly. I'm open to any unix variant or MS platform.


gracias,
jared
Previous By Date Next
Previous By Thread Next

Current thread: