Posted by Gary Reynolds on October 31, 2006, 2:16 pm
Hi Chris,
The main thing that you need to consider is trust: the person receiving your
email must trust the root CA from which your certificate is issued in order
to verify that the email has come from you. If you use your internal CA, external
users will not trust your root CA. There are a number of public CAs that can
provide you with a certificate for your issuing CA that is chained off a
trusted root CA certificate. This provides verification that you are who
you say you are.
Another option is to use user credential services that are specifically
designed to provide certificates for users to sign emails/docs and client
authentication. These are similar to the free email certificates most public CAs
provide, but you control the enrollment and revocation of certificates. Have
a look at Verisign and GeoTrust.
Gary.
> Hi, I have been able to set up certificates and RADIUS authentication on
> my example.local domain. I have my root enterprise CA issuing
> certificates and all is well (certificates show rootca.example.local as
> the issuer).
>
> I am considering the possibilities of using certificates to sign the
> users' email; rather than roll out a new cert infrastructure, can I
> implement my own in-house certificate infrastructure even though my
> Active Directory domain name is example.local, whereas our email domain
> is example.com?
>
> Is there any way in which I can issue certificates to computers in the
> Active Directory but use the example.com certificates instead?
>
> I hope this makes sense.
>
> Thanks,
>
> Chris
>
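
The recipient's side of the trust question discussed in this thread, as an added example that is not part of the original posts: this PowerShell function builds the chain for a signing certificate against the local machine's trust stores and checks that the e-mail address in the certificate matches the sender's address. The function name `Test-SmimeCertificate` and the address `chris@example.com` are hypothetical, and revocation checking is switched off here only to isolate the trust result.

```powershell
# Added example: evaluate a signing certificate the way a recipient's machine would.
# Function name and sender address are hypothetical.
function Test-SmimeCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$SenderAddress
    )

    # E-mail address bound into the certificate: the first rfc822Name in the
    # subject alternative name, otherwise the e-mail attribute of the subject.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
    $certEmail = $Certificate.GetNameInfo($nameType, $false)

    # Secure Email EKU is OID 1.3.6.1.5.5.7.3.4; a certificate with no EKU
    # extension is not restricted to particular purposes.
    $ekuExt = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $emailEku = (-not $ekuExt) -or
        ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.4' })

    # Build the chain against this machine's certificate stores.
    # Revocation is skipped so the result reflects root trust only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject        = $Certificate.Subject
        CertEmail      = $certEmail
        AddressMatches = ($certEmail -ieq $SenderAddress)
        SecureEmailEku = [bool]$emailEku
        ChainTrusted   = $trusted
        ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain     = $last.Subject
    }
}

# Usage: evaluate every certificate in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeCertificate -Certificate $_ -SenderAddress 'chris@example.com' }
```

On a machine that does not have the internal root installed, `ChainTrusted` comes back `False` for a certificate issued by that CA, while `AddressMatches` depends only on the address placed in the certificate, not on the Active Directory domain name.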