[unisog] S/MIME Key Management

Christopher Crowley ccrowley at tulane.edu
Mon Nov 7 16:47:33 GMT 2005


Out of curiosity.

Has anyone set up a CA that they feel follows best security practices and
provides enterprise class service?

For example, is your CA offline? Is there a webpage for users to request new
certs, do you escrow signing keys, is there a method in place to verify and sign
requests, and are there agents to vet the requestor and distribute certs?


Christopher Crowley
Technology Services
Tulane University
ccrowley at tulane.edu
Tel: 713.212.1378 (Houston Temporary)



Quoting Russell Fulton <r.fulton at auckland.ac.nz>:

>
>
> Mike Wiseman wrote:
> > I'd be interested to
> > hear if others are doing a combination of reselling commercial CA
> > products and running a self-signed CA. The reselling service would serve
> > those needing SSL server certs and S/MIME certs for external facing
> > email. The internal CA would be used for user authentication and
> > encryption apps.
>
> This is exactly what we have been doing for nearly 5 years.  Up until
> now we have just used self-signed cert internally but are now looking at
> setting up a small CA operation to sign certs for internal use and
> encourage everyone on campus to load our master Cert into their browsers.
>
> Russell