You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by SG...@intellicare.com on 2008/04/15 18:24:17 UTC

Best practices for certificates

Opinions or pointers to references addressing these question appreciated:

Do you self-sign the certificates you use for signing and encrypting web
service traffic? Does this establish sufficient trust?
Do you use a well-known certificate authority to sign/create your
certificates? Are there any out there that even provide certificates for
web service encryption/signing??
Are the SSL certificates that most vendors sell suitable for web service
signing and encryption?

I hope this is a suitable topic for this group.  I haven't found much
information other than what vendors have to say and they are 1. not
objective (see this interesting article:
http://www.schneier.com/paper-pki.html) and 2. not oriented to securing web
services (seem to know mostly about SSL certificates for web servers).

Thanks!

______________________________________________
Steve Gruverman, Programmer
IntelliCare, Inc. | A Medco Health Solutions Company

500 Southborough Drive | South Portland ME 04106
p: (207) 253-2152 | f: (207) 773-1857
w: www.intellicare.com | e: sgruverman@intellicare.com





---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org