Re: what certificate to buy from Verisign ?

From: <jason.chen@xxxxxxxxxxxxxxxxx>
Date: Sun, 18 Sep 2005 16:13:51 -0400

thanks steven for following up, I guess I have to schedule a call with
verisign to work this out then.

-Jason

"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Jason,
>
> Server certificate is used by server service, and is not necessary for
> client app. For client side, there has Client Authentication Certificate
> respectively. In fact, you find a certain windows 2000 or 2003 server
> machine which can install the Microsoft Certificate Service, so that you
> can create/send certificate request to it , from which you can see those
> most popular types of certificates. In addition, professional Authority
> like Verisign will have much more types of certificates available, so I
> still think it better you consult them on your scenario.
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
>
>
> --------------------
> From: <jason.chen@xxxxxxxxxxxxxxxxx>
> References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: what certificate to buy from Verisign ?
> Date: Thu, 15 Sep 2005 23:52:07 -0400
> Lines: 146
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> Message-ID: <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> NNTP-Posting-Host: a7cebc02.cst.lightpath.net 167.206.188.2
> Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.dotnet.framework.webservices.enhancements:4897
> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
>
> hi Steven,
> I'd like X509 certificate to be used by both client and server, you
> mentioned the server side can use a regular SSL certificate, can client
also
> use a regular ssl certificate on client side?
>
> thanks,
> -Jason
>
> "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
> > Thanks for your response Jason,
> >
> > As for the webservice client, it all depends on your application's
> security
> > authetication design. If you server doesn't use some authentication
schema
> > which require client certificates(x509 authentication based token
> > authentication....) or the server dosn't require the client to use a
> > certain certificate to identitfy clientside, then client app do not need
> to
> > have a own certificate. This is just like when we use SSL without
> > requiring clientside certificate. Also, since you're using WSE, if
you
> > have used x509 certificate token to sign message at both
> client/serverside,
> > then, the clientside also must have its own certificate.
> >
> > Thanks,
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
> >
> > --------------------
> > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: what certificate to buy from Verisign ?
> > Date: Thu, 15 Sep 2005 10:19:53 -0400
> > Lines: 83
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > Message-ID: <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> > Xref: TK2MSFTNGXA01.phx.gbl
> > microsoft.public.dotnet.framework.webservices.enhancements:4884
> > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
> >
> > thanks Steven, I guess the server side can just purchase the normal
> > webserver certificate, what about the client side who consumes the
> > webservice? should they also get a normal webserver certificate or
> something
> > particular?
> >
> > many thanks,
> > -jason
> >
> > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
> > > Hi Jason,
> > >
> > > AS for the Certificate type you mentioned, for your scenario, since
the
> > > certificate is mainly used to identitfy your server application and
> build
> > a
> > > secure communication channel between client/server, I think a normal
web
> > > server certificate is enough. Of course, there must has some guys
from
> > > Verisign who will help you find the proper certificate for yoru
> > > application.
> > >
> > > Thanks,
> > >
> > > Steven Cheng
> > > Microsoft Online Support
> > >
> > > Get Secure! www.microsoft.com/security
> > > (This posting is provided "AS IS", with no warranties, and confers no
> > > rights.)
> > >
> > >
> > > --------------------
> > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > Subject: what certificate to buy from Verisign ?
> > > Date: Wed, 14 Sep 2005 12:52:04 -0400
> > > Lines: 29
> > > X-Priority: 3
> > > X-MSMail-Priority: Normal
> > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > Message-ID: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> > > Xref: TK2MSFTNGXA01.phx.gbl
> > > microsoft.public.dotnet.framework.webservices.enhancements:4873
> > > X-Tomcat-NG:
microsoft.public.dotnet.framework.webservices.enhancements
> > >
> > > Hi, my company plans to use WSE2.0 sp3 to secure the webservice
> > > communication between us and the client. now that we are looking at
> > Verisign
> > > on what exactly to buy but the sales person at Verisign were not very
> > > helpful. and MSDN didn't provide any information on what exact
> certificate
> > > to buy from Verisign either, all it says is get certificate from a
> trusted
> > > CA, for example: Verisign.
> > >
> > > could someone point out which product to buy from verisign?
> > >
> > > some information on what I found so far:
> > >
> > > 1. after searched around, seems a lot of people are complaining
Verisign
> > > sales have no idea what to buy to encrypt and sign web services.
> > >
> > > 2. some people seem got regular SSL certificates working to encrypt
and
> > > sign web service request, but will there be performance issues? is it
> > > recommened by Microsoft that an existing SSL certificate can be used
for
> > > encrypt and sign webservice requests?
> > >
> > > 3. some people in various newsgroups are talking about using the
Digital
> > ID
> > > product from Verisign to encrypt and sign webservice requests,
> > >
> >
>
(http://www.verisign.com/products-services/security-services/pki/pki-applica
> > > tion/email-digital-id/index.html), this is a product from Verisign to
> > secure
> > > emails. is this correct to use Digital ID? this thing is much cheaper
> than
> > > regular SSL certificates, only $19.99/Year
> > >
> > > Please help, thanks a lot.
> > >
> > >
> > >
> >
> >
> >
>
>
>

.

Follow-Ups:
- Re: what certificate to buy from Verisign ?
  - From: Steven Cheng[MSFT]

References:
- what certificate to buy from Verisign ?
  - From: jason.chen
- RE: what certificate to buy from Verisign ?
  - From: Steven Cheng[MSFT]
- Re: what certificate to buy from Verisign ?
  - From: jason.chen
- Re: what certificate to buy from Verisign ?
  - From: Steven Cheng[MSFT]
- Re: what certificate to buy from Verisign ?
  - From: jason.chen
- Re: what certificate to buy from Verisign ?
  - From: Steven Cheng[MSFT]

Prev by Date: Re: WSE 3 - usernameOverCertificate and secure conversation
Next by Date: how can we restrict what certificate WSE will use?
Previous by thread: Re: what certificate to buy from Verisign ?
Next by thread: Re: what certificate to buy from Verisign ?
Index(es):
- Date
- Thread

Relevant Pages

Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
... SSL only validates you are talking to a SSL certified server; ... They can simply edit the URL the client program ... can be done by using a X.509 certificate on both ends, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: LDP client authentication fails
... I got the LDP working with LDAP server under server client authentication ... I did not installed the certificate in pfx format .. ... Client cert auth won't work without that. ...
(microsoft.public.windows.server.active_directory)
Re: SSL & Man In the Middle Attack
... >> it possible for the middle man to intercept all messages from server to me ... > server sends client a signed message along with a digital certificate. ... > client generates a random secret key, ...
(comp.security.misc)
Re: activesync issue
... On the SBS 2003 Server open the Server Management console. ... On the "Web Server Certificate" page, choose to create a new Web server ... Install the new certificate which created in above step on mobile device: ... Access to browse the Exchange Server 2003 client after you install ...
(microsoft.public.windows.server.sbs)
Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
... order to detect we are connected to the wrong server (even though its SSL ... certificate is OK and valid by Verisign); we would need a client certificate. ... this can be detected by SSL/HTTPS client in ...
(microsoft.public.dotnet.framework.aspnet.security)