Cacert.org for OCS certificates?

  • Question

    Via http://www.cacert.org/ you can get free server certificates. Has anyone tried to apply those certificates on the OCS Edge servers?

    I'm curious...

    /Thomas

    Tuesday, March 18, 2008 8:19 AM

All replies

  • It might work for some scenarios, but don't rely on it for PIC access and Federations.

    On my machine the cacert.org certificates are not trusted, so I doubt it will work.

    This is the officially supported list of Certificate Providers:

    http://support.microsoft.com/kb/929395

    Tuesday, March 18, 2008 11:15 AM
  • You could go that route, but you'd still need to deal with installing and trusting root CAs or chained CAs. Much easier to go with a private CA internally and then public certs on your Edge.
    Tuesday, March 18, 2008 6:27 PM
  • I have an internal CA. In fact all the servers have certificates from the internal CA. I was wondering if I could use the CACERT certificates for the External Edge server (that is part of a test/pilot environment).

    /Thomas
    Tuesday, March 18, 2008 7:09 PM
  • If it is in the trust list of your clients, then you can try, but then again an internal CA will work just as well.

    Keep in mind that Tanjay phones typically trust only a few certificate providers, and most certainly not cacert.

    Tuesday, March 18, 2008 9:40 PM
  • Thanks for the thoughts!

    Cheers,

    Thomas
    Wednesday, March 19, 2008 6:11 AM
  •  ThomasW wrote:
    I have an internal CA. In fact all the servers have certificates from the internal CA. I was wondering if I could use the CACERT certificates for the External Edge server (that is part of a test/pilot environment).

    /Thomas

    You could, but it wouldn't make much sense. Your external clients don't trust CACert or your Internal Private CA by default so you'll have to deal with installing root certificates on external clients either way. You might as well just issue the cert from your own CA.

    If you really want to go the public cert route I would recommend using a CA that is trusted automatically by Windows. We've had good luck with Entrust so far.
    Tuesday, March 25, 2008 6:06 PM