[AG-TECH] Life of 'service' cert

Randy Groves randy.groves at boeing.com
Fri Apr 16 16:07:31 CDT 2004

Actually, the Exchange Security token is in more common use.  But I'm 
guessing that it might not be the right format to use for an AG cert.  I 
saw your note about writing this up - I'll certainly give it a shot - 
there's a lot I don't know about how we use them, however.  We do have a 
single-sign-on system for various resources, and using a certificate in 
your browser is one of the choices.

I would have to say that many more people have Exchange tokens for secure 
mail than have personal certificates.  But since we do have an established 
method for requesting a personal certificate, and instructions exist for 
importing them into IE and Netscape, that definitely would be less painful 
than the present situation.

But all this still doesn't really answer the issue of on-the-spot need for 
a certificate and how to resolve that - but I think that it may be an 
unresolvable issue.


At 01:35 PM 4/16/2004, Robert Olson wrote:
>At 02:43 PM 4/16/2004, Randy Groves wrote:
>>Until such time as I (or someone) can modify the certificate system in 
>>such a way what it pays attention, for instance, to certificates already 
>>installed in IE (for example), or in Exchange/Outlook,
>I've contemplated support for this, and didn't know that anyone actually 
>used certs there :-).
>How do folks use these certs - do they type the passphrase once at IE and 
>let it hold it? Or are they installed there without passphrases?
>I've got the code kicking around somewhere for extracting certs from teh 
>IE cert store; post-2.2 I can start thinking about how to integrate that.

More information about the ag-tech mailing list