Re: what certificate to buy from Verisign ?

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Hi Jason,
\par
\par Server certificate is used by server service, and is not necessary for client app. For client side, there has Client Authentication Certificate respectively. In fact, you find a certain windows 2000 or 2003 server machine which can install the Microsoft Certificate Service, so that you can create/send certificate request to it , from which you can see those most popular types of certificates. In addition, professional Authority like Verisign will have much more types of certificates available, so I still think it better you consult them on your scenario.
\par
\par Thanks,
\par
\par Steven Cheng
\par Microsoft Online Support
\par
\par Get Secure! www.microsoft.com/security
\par (This posting is provided "AS IS", with no warranties, and confers no rights.)
\par
\par
\par
\par
\par \pard\li720 --------------------
\par From: <jason.chen@xxxxxxxxxxxxxxxxx>
\par References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx> <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx> <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx> <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
\par Subject: Re: what certificate to buy from Verisign ?
\par Date: Thu, 15 Sep 2005 23:52:07 -0400
\par Lines: 146
\par X-Priority: 3
\par X-MSMail-Priority: Normal
\par X-Newsreader: Microsoft Outlook Express 6.00.3790.326
\par X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
\par Message-ID: <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
\par Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par NNTP-Posting-Host: a7cebc02.cst.lightpath.net 167.206.188.2
\par Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
\par Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:4897
\par X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par
\par hi Steven,
\par I'd like X509 certificate to be used by both client and server, you
\par mentioned the server side can use a regular SSL certificate, can client also
\par use a regular ssl certificate on client side?
\par
\par thanks,
\par -Jason
\par
\par "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par news:dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
\par > Thanks for your response Jason,
\par >
\par > As for the webservice client, it all depends on your application's
\par security
\par > authetication design. If you server doesn't use some authentication schema
\par > which require client certificates(x509 authentication based token
\par > authentication....) or the server dosn't require the client to use a
\par > certain certificate to identitfy clientside, then client app do not need
\par to
\par > have a own certificate. This is just like when we use SSL without
\par > requiring clientside certificate. Also, since you're using WSE, if you
\par > have used x509 certificate token to sign message at both
\par client/serverside,
\par > then, the clientside also must have its own certificate.
\par >
\par > Thanks,
\par >
\par > Steven Cheng
\par > Microsoft Online Support
\par >
\par > Get Secure! www.microsoft.com/security
\par > (This posting is provided "AS IS", with no warranties, and confers no
\par > rights.)
\par >
\par >
\par > --------------------
\par > From: <jason.chen@xxxxxxxxxxxxxxxxx>
\par > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
\par > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
\par > Subject: Re: what certificate to buy from Verisign ?
\par > Date: Thu, 15 Sep 2005 10:19:53 -0400
\par > Lines: 83
\par > X-Priority: 3
\par > X-MSMail-Priority: Normal
\par > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
\par > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
\par > Message-ID: <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
\par > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
\par > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
\par > Xref: TK2MSFTNGXA01.phx.gbl
\par > microsoft.public.dotnet.framework.webservices.enhancements:4884
\par > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par >
\par > thanks Steven, I guess the server side can just purchase the normal
\par > webserver certificate, what about the client side who consumes the
\par > webservice? should they also get a normal webserver certificate or
\par something
\par > particular?
\par >
\par > many thanks,
\par > -jason
\par >
\par > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
\par > news:NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
\par > > Hi Jason,
\par > >
\par > > AS for the Certificate type you mentioned, for your scenario, since the
\par > > certificate is mainly used to identitfy your server application and
\par build
\par > a
\par > > secure communication channel between client/server, I think a normal web
\par > > server certificate is enough. Of course, there must has some guys from
\par > > Verisign who will help you find the proper certificate for yoru
\par > > application.
\par > >
\par > > Thanks,
\par > >
\par > > Steven Cheng
\par > > Microsoft Online Support
\par > >
\par > > Get Secure! www.microsoft.com/security
\par > > (This posting is provided "AS IS", with no warranties, and confers no
\par > > rights.)
\par > >
\par > >
\par > > --------------------
\par > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
\par > > Subject: what certificate to buy from Verisign ?
\par > > Date: Wed, 14 Sep 2005 12:52:04 -0400
\par > > Lines: 29
\par > > X-Priority: 3
\par > > X-MSMail-Priority: Normal
\par > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
\par > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
\par > > Message-ID: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
\par > > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
\par > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
\par > > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
\par > > Xref: TK2MSFTNGXA01.phx.gbl
\par > > microsoft.public.dotnet.framework.webservices.enhancements:4873
\par > > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
\par > >
\par > > Hi, my company plans to use WSE2.0 sp3 to secure the webservice
\par > > communication between us and the client. now that we are looking at
\par > Verisign
\par > > on what exactly to buy but the sales person at Verisign were not very
\par > > helpful. and MSDN didn't provide any information on what exact
\par certificate
\par > > to buy from Verisign either, all it says is get certificate from a
\par trusted
\par > > CA, for example: Verisign.
\par > >
\par > > could someone point out which product to buy from verisign?
\par > >
\par > > some information on what I found so far:
\par > >
\par > > 1. after searched around, seems a lot of people are complaining Verisign
\par > > sales have no idea what to buy to encrypt and sign web services.
\par > >
\par > > 2. some people seem got regular SSL certificates working to encrypt and
\par > > sign web service request, but will there be performance issues? is it
\par > > recommened by Microsoft that an existing SSL certificate can be used for
\par > > encrypt and sign webservice requests?
\par > >
\par > > 3. some people in various newsgroups are talking about using the Digital
\par > ID
\par > > product from Verisign to encrypt and sign webservice requests,
\par > >
\par >
\par (http://www.verisign.com/products-services/security-services/pki/pki-applica
\par > > tion/email-digital-id/index.html), this is a product from Verisign to
\par > secure
\par > > emails. is this correct to use Digital ID? this thing is much cheaper
\par than
\par > > regular SSL certificates, only $19.99/Year
\par > >
\par > > Please help, thanks a lot.
\par > >
\par > >
\par > >
\par >
\par >
\par >
\par
\par
\par \pard
\par
\par }