From: Paul Schmehl
To: freebsd-ports@freebsd.org
Cc: ports@freebsd.org
Date: Fri, 27 Apr 2007 11:57:26 -0500
Subject: Re: certificate issuing for mail list users
In-Reply-To: <200704270952.45012.david@vizion2000.net>
References: <200704270739.19254.david@vizion2000.net> <200704270952.45012.david@vizion2000.net>

--On Friday, April 27, 2007 09:52:44 -0700 David Southwell wrote:

> I think I may not have been clear on this posting because you seem to be
> misunderstanding my question. I have been very appreciative of the
> responses I have received.
>
> I am now moving on from that point and want to know if someone has built a
> web interface that enables people to request certificates and supply
> them so as to integrate certificate issuing into the total problem
> solution.

Yes. Verisign has. It sucks, although for the purpose for which you
intend to use it, it would suck less.

I'm assuming you want to issue a single cert to each user, not separate
signing and encryption certs?

Verisign has two ways that you can do that.

You can use their servers, which requires that the administrators intervene
with each request for a cert. This is not burdensome if you're only going
to be issuing a few dozen certs. If you're going to be issuing hundreds,
you want to avoid this system.

You can install your own, locally-hosted, certificate system. So long as
all you're doing is issuing certs, and you're not trying to integrate with
Exchange, that system works fine. The Exchange integration is extremely
fragile and breaks in interesting ways that are difficult to troubleshoot.

There may be other competitors now, but I am not aware of them.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/