why can't I use my own CA for a digital ID?

  • Thread starter: Spin
You could, but anyone external to your agency/network wouldn't have a copy
of your root CA on their machine. This alone would net the person an
information dialog asking whether or not the certificate should be
trusted.
 
I don't mind that. They could import the certificate onto their machine,
and then they won't be prompted anymore. This way I can do email encryption
with my IT colleagues (as we practice for our MCSE) without having to pay
for a true public cert. from the likes of VeriSign, etc...

So, I am looking for instructions on how to request a cert from my own CA
to use for my email client. I have already successfully requested
a certificate (web template) for an IIS Server to do SSL. Sure, browsers
get prompted with an information dialog asking whether or not the
certificate should be trusted, but heck, this is all just practice anyway!

--

neo said:
You could, but anyone external to your agency/network wouldn't have a copy
of your root CA on their machine. This alone would net the person an
information dialog asking whether or not the certificate should be
trusted.
--
Neo [MVP Outlook]
Due to the Swen virus, all e-mails sent to this account will be deleted
w/out reading.


Spin said:
Using Outlook Express 6.0 as my Internet email client. According to this
link:
http://office.microsoft.com/assistance/preview.aspx?AssetID=HA010547821033&C
 
circa Sat, 17 Jan 2004 00:38:38 -0500, in
microsoft.public.windows.server.general, Spin ([email protected]) said,
Using Outlook Express 6.0 as my Internet email client. According to this
link:

http://office.microsoft.com/assistance/preview.aspx?AssetID=HA010547821033&CTT=6&Origin=EC010553071033

I may only get digital IDs from Verisign, GlobalSign, BT, or Thawte. I
created my own internal CA, so why can't I use that for a digital ID?

Well, technically, you could. The problem is, everybody to whom you
send e-mail would have to add your CA to their trusted CAs lists in
order for this idea to work.

Laura
 
circa Sat, 17 Jan 2004 09:44:14 -0500, in
microsoft.public.windows.server.general, Spin ([email protected]) said,
I don't mind that. They could import the certificate onto their machine,
and then they won't be prompted anymore. This way I can do email encryption
with my IT colleagues (as we practice for our MCSE) without having to pay
for a true public cert. from the likes of VeriSign, etc...

So, I am looking for instructions on how to request a cert from my own CA
to use for my email client. I have already successfully requested
a certificate (web template) for an IIS Server to do SSL. Sure, browsers
get prompted with an information dialog asking whether or not the
certificate should be trusted, but heck, this is all just practice anyway!

Start -> Run -> MMC. Add the Certificates snap-in. Start
right-clicking. You'll find it. :-)

Laura
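
Added example, not part of the thread or written by its participants: the trust relationship discussed above, reproduced with the OpenSSL command line as a stand-in for the Windows CA and Certificates snap-in the posters use. The CA name, the address spin@example.test and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a practice root CA issues an S/MIME "digital ID"; a recipient
# then checks a signed message. All names and addresses are constructed.
make_practice_pki() {            # $1 = empty working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Practice Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[smime]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:spin@example.test
EOF
  # Self-signed root: the "own CA" from the thread.
  openssl req -x509 -config "$1/pki.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  # Key pair and certificate request for the mail user.
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Spin/emailAddress=spin@example.test" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
  # The CA issues the certificate, restricted to e-mail protection.
  openssl x509 -req -in "$1/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/pki.cnf" -extensions smime \
    -out "$1/user.crt" 2>/dev/null &&
  # The sender signs a message with the new digital ID.
  printf 'practice message\n' > "$1/msg.txt" &&
  openssl smime -sign -in "$1/msg.txt" -signer "$1/user.crt" \
    -inkey "$1/user.key" -out "$1/signed.eml" 2>/dev/null
}

# Recipient side. $2 = "trusted" once the practice root has been imported.
recipient_verifies() {
  if [ "$2" = trusted ]; then
    openssl smime -verify -in "$1/signed.eml" -CAfile "$1/ca.crt" -out /dev/null
  else  # trust store without the practice root
    openssl smime -verify -in "$1/signed.eml" -no-CAfile -no-CApath -out /dev/null
  fi 2>/dev/null
}

d=$(mktemp -d) && make_practice_pki "$d" || exit 1
for s in untrusted trusted; do
  recipient_verifies "$d" "$s" && echo "$s: accepted" || echo "$s: rejected"
done
rm -rf "$d"
```

Only `ca.crt` is handed to colleagues for import; `ca.key` stays with whoever runs the CA, since anyone holding it can issue certificates that every importing machine will accept.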
 