SSL without certificates

[MS]

I want to use SSL for client to server communication. The server is W2K.

I don't care about server authentication, I just want to encrypt the
connection.

Do I still have to create and install a dummy certificate for the
server, or is there a way to bypass it?

It appears the SSL/TLS standard does not require the server
authentication step during the handshake, but how is it implemented on W2K?

I browsed through the MS Knowledgebase but couldn't find the answer.

MS

 

[Keith W. McCammon]

I don't care about server authentication, I just want to encrypt the

connection.

You could use a shared secret.

There's plenty of IPSec information available on TechNet, if documentation
is what you're looking for.

 

[ho alexandre]

I want to use SSL for client to server communication. The server is W2K.

I don't care about server authentication, I just want to encrypt the
connection.

I'll take theexample of an SSH connection.
You always need an authentication of the server, but you only need a
keypair, not a certificate.

 

[Rainer Gerhards]

You need a cert ... but you do not need to purchase one If you don't care
if it is a trusted one, go ahead and request a "test certificate" at e.g.
www.verisign.com and www.thawtee.com or - barely remember - www.commondo.com
(or was it commodo...). That cert will expire and thus bring up a browser
warning, but who cares...

HTH
Rainer Gerhards
http://www.monitorware.com

 

[Splatter]

I want to use SSL for client to server communication. The server is W2K.
I don't care about server authentication, I just want to encrypt the
connection.
Do I still have to create and install a dummy certificate for the
server, or is there a way to bypass it?

I'm not sure what your specific needs are but I got around this using 2K
at home by installing the windows certificate authority, and using it to
roll my own CA & website certificate.
HTH
DP

 

[MS]

If I need a certificate, I can make one myself (as Splatter mentioned in
another post), but do I really need one? Or is there a way to configure
the server so that it skips the certificate validation step in the SSL
handshake?

 

[Rainer Gerhards]

Sure, you can make one yourself if you have the time and knowledge to set up
the CA just for this reason If I were just in need of a signle cert, I
wouldn't do that...

Anyhow. Bottom line: you need one, as the cert is used when standard
browsers and standard servers exchange the session key.

Rainer Gerhards
http://www.monitorware.com/en/

 

[RobH]

Sorry not familiar with it, but:

Entering your question (Microsoft implementation of ssl in Windows
2000) into the Search the Knowledge Base at the top of Microsoft's
Online Support site, provides several results, and hopefully some
might discuss that. I see the mention of white papers on
implementation, but have not read any of them so far.

Other possible helps might be the MSDN home website, and the
Windows Platform SDK.

Searches for "certificateless ssl" and "certificateless tls" at
those sites, as well as on the Web, might also produce other
results for you.

Regards, RobH.



Splatter wrote:

As I stated in my original post, I cannot find the answers in
Microsoft
documentation. Anybody out there who is familiar with the
Microsoft
implementation of SSL in W2K and can answer my question?

MS

 

[Ms]

You can generate "test" sertificate and do not think about "anonymous tls"
http://www.stunnel.org/pem/

or you can use http://www.stunnel.org/ vs. MS ISAPI SSL filter on 443

but stunnel USEs sertificates too:
http://www.stunnel.org/faq/stunnel.html#certificates


"> Does the Microsoft W2K implementation of SSL=TLS allow bypassing the