General discussion

Locked

CSR Validation

By patrick.bisaillon ·
Our organization is interested in buying a 128-bit SSL Certificate to install on a Web Server located in a LAB. The only purpose of this certificate will be to test our Web application using HTTPS (128-bit). Since it will be used only by our Lab experts, we only care about the key that helps providing the encryption and not by the authenticity the certificate garantees. In other words, is there any way to validate our CSR so we can install it and test our application without buying a full Server Certificate -used normaly for public web site- ? Thawte.com has a free trial of 21 days but this can't be an option since we will need it for a while.

Thanks very much
Patrick.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

CSR Validation

by Shanghai Sam In reply to CSR Validation

I may be missing something on this question, but if you are just operating in a lab, then you can install your own Certificate Root and generate your own certificates. When using SSL only to provide protection of traffic and not authentication of the server identity you can use your own certificate server. If you need to have the clients authenticate the certificates and provide confirmation of the servers’ identity then you can install your own Enterprise Root on the test network. You can then configure the clients to list your CA as trusted in their browser settings.

The only reason to purchase a certificate from Verisign or such is if you want your end users to be able to verify that the web server they are talking to is really your web server. One of the bigger problems with this is that even if you get a certificate from a third party source, many users just click by the messages telling them that the certificate name does not match the domain.

In the production version of your system, you still only need your own certificate server if you still only intend to protect the traffic. Remember that in most cases you need to name the certificate exactly the same as the domain you are operating in or users will get a message telling them that the certificate does not appear to match the domain. If you ultimately need users to be able to authenticate your server, only then will you have to purchase a third party certificate.

Collapse -

CSR Validation

by patrick.bisaillon In reply to CSR Validation

Hi,
Thanks for your help. Well, as you are saying, I found last friday that it is possible to create a self-signed certificate, but I do not understand how I can do this ? Unfourtunately, I can't seem to find how to do it with IIS4. I know how to create a CSR (create new Key in Key Manager) but what are the steps required to validate this CSR so I can use it normaly and complete the installation of the key created to generate this CSR so that I can bind the self-signed certificate to a web site on my web server ?

Hope you will understand my question, sorry for the possible confusion.

I will be glad to rate this question Acceptable and give you your points as soon as you can reply to this comment.

Thanks a bunch.

Collapse -

CSR Validation

by patrick.bisaillon In reply to CSR Validation

This question was closed by the author

Back to Security Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums