Certificate Servers

Certificates are an authentication tool which can be used at both the client and server level. However this leads to a problem … if you wish to issue certificates to clients (or individual users) are you going to want to go through a CA to get each one ? The answer is likely to be no.
To cater for this Certificate Servers are beginning to emerge. These are servers which are specifically intended to issue, check and revoke certificates. They make use of the chain of trust which is present in certificate systems:

Your obtain a certificate for your certificate server from a CA

The Certificate Server then issues certificates to clients which are authorised with its own certificate.

Clients can follow the chain of trust back to the CA whose certificate they already have and trust.

Other solutions and methods are beginning to emerge specifically for use in an intranet environment. Using Microsoft’s Internet Explorer Administrators Kit or the Netscape Navigator Administrator’s Kit you can pre-load certificates to the lists contained within those browsers. In this way you could remove the certificates already present and add the one which applies to your certificate server. This then means that the browsers trust any certificates issued by your server but not those issued by any other server. You could also keep the initial set of certificates and so retain the ability to trust certificates issued by those other than your own certificate server.

[ Contents ] [ DNS ] [ p6spy ] [ Weblogic Tuning ] [ Cactus ] [ The Grinder ] [ Word to PDF ]