[736] in WWW Security List Archive
Re: Using Netsite Commerce Server with non-RSA certificate?
daemon@ATHENA.MIT.EDU (isaac j g)
Mon Jun 5 21:28:32 1995
Date: Mon, 5 Jun 1995 17:45:47 -0400 (EDT)
From: isaac j g <i7c@cosmail2.ctd.ornl.gov>
To: Jamey Maze <jnm@ornl.gov>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <v0300201babf8b66df365@[128.219.128.57]>
Errors-To: owner-www-security@ns2.rutgers.edu
>On Mon, 5 Jun 1995, Jamey Maze wrote:
> I'd like to startup Netsite Commerce Server for internal-use-only and not
> have to bother with getting an RSA certificate. Has anyone done this? If
> so, what software did you use to create the keys and certificate? TIS/PEM
> maybe?
>
I'd be real suprised if you could do this with the commerce server since it
would require modification to the SSL protocol code and the notion of
doing this defeats the purpose of a central CA which SSL is based upon.
It is reasonable however to have support for multiple CAs in commerce
server which is currently doesn't have. You may want to post this
question on the ssl-talk@netscape.com list.
This however has been done with the ssl reference port. There are some
patches available for sslref 2.0 which will allow you to bypass the CA
to provide an encrypted channel only.
There are also some patches which allow you to specify you own CA. RIPEM
is used to generated the certificate. This is also discussed in
ssl-talk@netscape.com
You may also wish to check out SSLeay which is another implementation of
SSL. Some of the basic utilities such as SRA telnet,ftp and NCSA httpd
and Mosaic have are being implemented using this.
John Isaac
Turner Harper and Assoc.
C/O Martin Marietta Energy Systems
Hazwrap Information and Data Systems Program
email: i7c@ornl.gov
url: http://eagle.haz.ornl.gov/staff/john.html
phone: 615-435-3285
fax: 615-435-3181
