Re: what certificate to buy from Verisign ?

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Thanks for your response Jason,
\par
\par As for the webservice client, it all depends on your application's security authetication design. If you server doesn't use some authentication schema which require client certificates(x509 authentication based token authentication....) or the server dosn't require the client to use a certain certificate to identitfy clientside, then client app do not need to have a own certificate. This is just like when we use SSL without requiring clientside certificate. Also, since you're using WSE, if you have used x509 certificate token to sign message at both client/serverside, then, the clientside also must have its own certificate.
\par
\par Thanks,
\par
\par Steven Cheng
\par Microsoft Online Support
\par
\par Get Secure! www.microsoft.com/security
\par (This posting is provided "AS IS", with no warranties, and confers no rights.)
\par
\par
\par \pard\li720 --------------------
\par From: <jason.chen@xxxxxxxxxxxxxxxxx>
\par References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx> <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
\par Subject: Re: what certificate to buy from Verisign ?
\par Date: Thu, 15 Sep 2005 10:19:53 -0400
\par Lines: 83
\par X-Priority: 3
\par X-MSMail-Priority: Normal
\par X-Newsreader: Microsoft Outlook Express 6.00.3790.326
\par X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
\par Message-ID: <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
\par Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
\par Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
\par Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:4884
\par X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par
\par thanks Steven, I guess the server side can just purchase the normal
\par webserver certificate, what about the client side who consumes the
\par webservice? should they also get a normal webserver certificate or something
\par particular?
\par
\par many thanks,
\par -jason
\par
\par "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par news:NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
\par > Hi Jason,
\par >
\par > AS for the Certificate type you mentioned, for your scenario, since the
\par > certificate is mainly used to identitfy your server application and build
\par a
\par > secure communication channel between client/server, I think a normal web
\par > server certificate is enough. Of course, there must has some guys from
\par > Verisign who will help you find the proper certificate for yoru
\par > application.
\par >
\par > Thanks,
\par >
\par > Steven Cheng
\par > Microsoft Online Support
\par >
\par > Get Secure! www.microsoft.com/security
\par > (This posting is provided "AS IS", with no warranties, and confers no
\par > rights.)
\par >
\par >
\par > --------------------
\par > From: <jason.chen@xxxxxxxxxxxxxxxxx>
\par > Subject: what certificate to buy from Verisign ?
\par > Date: Wed, 14 Sep 2005 12:52:04 -0400
\par > Lines: 29
\par > X-Priority: 3
\par > X-MSMail-Priority: Normal
\par > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
\par > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
\par > Message-ID: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
\par > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
\par > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
\par > Xref: TK2MSFTNGXA01.phx.gbl
\par > microsoft.public.dotnet.framework.webservices.enhancements:4873
\par > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par >
\par > Hi, my company plans to use WSE2.0 sp3 to secure the webservice
\par > communication between us and the client. now that we are looking at
\par Verisign
\par > on what exactly to buy but the sales person at Verisign were not very
\par > helpful. and MSDN didn't provide any information on what exact certificate
\par > to buy from Verisign either, all it says is get certificate from a trusted
\par > CA, for example: Verisign.
\par >
\par > could someone point out which product to buy from verisign?
\par >
\par > some information on what I found so far:
\par >
\par > 1. after searched around, seems a lot of people are complaining Verisign
\par > sales have no idea what to buy to encrypt and sign web services.
\par >
\par > 2. some people seem got regular SSL certificates working to encrypt and
\par > sign web service request, but will there be performance issues? is it
\par > recommened by Microsoft that an existing SSL certificate can be used for
\par > encrypt and sign webservice requests?
\par >
\par > 3. some people in various newsgroups are talking about using the Digital
\par ID
\par > product from Verisign to encrypt and sign webservice requests,
\par >
\par (http://www.verisign.com/products-services/security-services/pki/pki-applica
\par > tion/email-digital-id/index.html), this is a product from Verisign to
\par secure
\par > emails. is this correct to use Digital ID? this thing is much cheaper than
\par > regular SSL certificates, only $19.99/Year
\par >
\par > Please help, thanks a lot.
\par >
\par >
\par >
\par
\par
\par \pard
\par
\par }