Network World Fusion

VeriSign takes the pain out of digital certificates

January 17, 2000
Web posted at: 10:19 a.m. EST (1519 GMT)

by Tim Greene

(IDG) -- VeriSign thinks it should be easier to use digital certificates to verify virtual private network (VPN) users, so the company is simplifying the process.

Rather than using a cumbersome manual procedure to enroll in VeriSign's certificate authority service, users of the company's new automated service will be able to simply integrate VeriSign certificates and encryption keys with VPN gear made by other vendors. The first vendor to partner in the VeriSign venture, known as Go Secure, is Check Point. VeriSign plans to announce similar relationships with Nortel Networks and other VPN vendors later this year.

To use Go Secure, customers must first buy a Check Point VPN-1 firewall or SecureRemote VPN software. Neither of those products comes with digital certificates.

In the past, customers could buy a VeriSign service called On-Site to get digital certificates, but they had to configure their VPN clients manually.

This task is so complicated that it requires an IS staff member to register each end-user machine, says James Mascaro, network architect for Xcelerate, an e-business consultancy in Fort Lauderdale, Fla. "It's a rather lengthy and easily messed-up process," Mascaro says. "As soon as you get a large number of users, distributing certificates becomes unmanageable," says Steve Harris, an analyst with International Data Corp. in New York.

With the Go Secure service for Check Point products, rather than going through a complex string of downloading files and importing them into Check Point VPN software, end users log on to a Web site and click twice. They can then use a VeriSign certificate to authenticate themselves for the purpose of exchanging encryption keys used to secure Internet connections.

For Check Point, Go Secure automates interactions between an end user's Web browser and a Check Point client to install certificates. With Go Secure for other vendors, automation of the VeriSign enrollment will take place within the VPN client software itself. Without the automated process, Check Point end users would have to pick up certificates from a VeriSign Web site and install them in their browsers. Then users would export them to their hard drives and import them into their Check Point clients.

"It's ugly," says Marshall Behling, VeriSign's strategic business development manager.

With Go Secure, network administrators have some work to do before end users can use the automated enrollment. First they must upload a list of authorized users, and each one is assigned a passcode by VeriSign. The lists can be integrated with existing firewall user databases or Lightweight Directory Access Protocol files.

Administrators then distribute the passcodes securely and tell end users to pick up their certificates at a secure VeriSign Web page. Go Secure for Check Point costs $35,000 for up to 500 users or $60,000 for 1,000 users. It will be available in February. Go Secure for Nortel Contivity products is scheduled for release this spring, but no other details were available. Go Secure for other vendors' products is scheduled for later this year.
