[AG-TECH] Life of 'service' cert
Randy Groves
randy.groves at boeing.com
Fri Apr 16 16:07:31 CDT 2004
Actually, the Exchange Security token is in more common use. But I'm
guessing that it might not be the right format to use for an AG cert. I
saw your note about writing this up - I'll certainly give it a shot -
there's a lot I don't know about how we use them, however. We do have a
single-sign-on system for various resources, and using a certificate in
your browser is one of the choices.
I would have to say that many more people have Exchange tokens for secure
mail than have personal certificates. But since we do have an established
method for requesting a personal certificate, and instructions exist for
importing them into IE and Netscape, that definitely would be less painful
than the present situation.
But all this still doesn't really answer the issue of on-the-spot need for
a certificate and how to resolve that - but I think that it may be an
unresolvable issue.
-randy
At 01:35 PM 4/16/2004, Robert Olson wrote:
>At 02:43 PM 4/16/2004, Randy Groves wrote:
>>Until such time as I (or someone) can modify the certificate system in
>>such a way what it pays attention, for instance, to certificates already
>>installed in IE (for example), or in Exchange/Outlook,
>
>I've contemplated support for this, and didn't know that anyone actually
>used certs there :-).
>
>How do folks use these certs - do they type the passphrase once at IE and
>let it hold it? Or are they installed there without passphrases?
>
>I've got the code kicking around somewhere for extracting certs from teh
>IE cert store; post-2.2 I can start thinking about how to integrate that.
>
>--bob
More information about the ag-tech
mailing list