By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,709 Members | 2,164 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,709 IT Pros & Developers. It's quick & easy.

Which type of digital certificate to get from VeriSign for SignedXML

P: n/a
Hi all,

Happy New Year.

I am using SignedXML and an X509 certificate to digitally sign a SOAP
message body and put the signature in the SOAP header for a B2B business
application. Can you suggest which type of digital certificates from
VeriSign is for this purpose? I checked VeriSign's web site but didn't find
it obvious to decide.

Thank you very much for your help.

--- Guangxi
Nov 12 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Hi Guangxi,

What about the Secure Site Services? SSL certificates are ideal for
securing Web sites, intranets and extranets. It's cheap and guarantee every
SSL session will receive powerful SSL encryption, the strongest encryption
available, regardless of browser version.

http://www.verisign.com/products/site/secure/index.html

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Nov 12 '05 #2

P: n/a
Hi Kevin,

Thanks for your reply. I do have the SSL certificate to secure the web site.
However, I am not clear if the same SSL certificate can be used to digitally
sign an SOAP message and send it to the business partner for signature
verification. SSL certificate is specifically assigned to a given URL, while
the X509 certificate for the digital signature shouldn't be. My current
understanding is that a Class 3 digital ID is needed for this purpose, but I
don't know how to get this type of certificate from VeriSign, and VeriSign's
web site and their support stuff is not very useful and friendly to help me
out.

Thanks,

--- Guangxi

"Kevin Yu [MSFT]" <v-****@online.microsoft.com> wrote in message
news:d9**************@cpmsftngxa07.phx.gbl...
Hi Guangxi,

What about the Secure Site Services? SSL certificates are ideal for
securing Web sites, intranets and extranets. It's cheap and guarantee every SSL session will receive powerful SSL encryption, the strongest encryption
available, regardless of browser version.

http://www.verisign.com/products/site/secure/index.html

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Nov 12 '05 #3

P: n/a
Hi Guangxi,

I think it can be used to sign a SOAP message, because SOAP is actually
woking on HTTP. Here's a KB article, and I hope it's helpful to you

http://support.microsoft.com/default...b;en-us;257591

Besides posting here, you can also try to contact VeriSign. I think they
can provide you with a better solution.

BTW, are you a Chinese?

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Nov 12 '05 #4

P: n/a
After posting to the newsgroups, I did more research on this issue with
VeriSign and the business partner. Here is some of the findings:

1. VeriSign does not sell Class 3 digital certificates for digital
signatures in a B2B environment.
2. VeriSign states that SSL certificates can also be used for digital
signatures since VeriSign added digital signature extension to SSL
certificates.
3. VeriSign Code Signing certificates may also be used for digital
signatures, but it does not recommend its use, since they may choose not to
support that in the future for XML signing.

Thank you all for you attention. Hope this may also help other people who
may face the same issue in the future.

--- Guangxi

"Guangxi Wu" <gw*@ch2m.com> wrote in message
news:uJ**************@tk2msftngp13.phx.gbl...
Hi Kevin,

Thanks for your reply. I do have the SSL certificate to secure the web site. However, I am not clear if the same SSL certificate can be used to digitally sign an SOAP message and send it to the business partner for signature
verification. SSL certificate is specifically assigned to a given URL, while the X509 certificate for the digital signature shouldn't be. My current
understanding is that a Class 3 digital ID is needed for this purpose, but I don't know how to get this type of certificate from VeriSign, and VeriSign's web site and their support stuff is not very useful and friendly to help me out.

Thanks,

--- Guangxi

"Kevin Yu [MSFT]" <v-****@online.microsoft.com> wrote in message
news:d9**************@cpmsftngxa07.phx.gbl...
Hi Guangxi,

What about the Secure Site Services? SSL certificates are ideal for
securing Web sites, intranets and extranets. It's cheap and guarantee

every
SSL session will receive powerful SSL encryption, the strongest encryption available, regardless of browser version.

http://www.verisign.com/products/site/secure/index.html

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."


Nov 12 '05 #5

P: n/a
Can someone tell me what is the equivalent of the WSEQuickStart samples
X.509 certificate in Verisign Products list ? Verisign support dint
have any clue and they said I might need Code Signing Digital Ids but
when I go to that page, they have multiple items under that list
(Microsoft Authenticode Digital ID, Sun Java Signing Digital ID,
Netscape Object Signing Digital ID and so on). I read in another thread
that someone used 'Digital IDs for Secure Email' for the same purpose.
Can someone confirm whether this is the right thing to purchase ? There
is pretty big difference in the cost ($400 vs $19.95 a year) ! I'm
trying to connect to a WebLogic webservice using a dotnet client (which
is very similar to the X.509 sample provided with the Microsoft WSE
2.0.

Thanks

Nov 12 '05 #6

P: n/a
It took me a very long time to get a straight answer from thawte as well, but
we purchased an additional license for an existing SSL cert. Our SSL Cert is
now used to sign and encrypt the messages on both ends, i.e. the cleint and
server.

When we imported the re-issued SSL Cert into IIS, we marked the private key
as exportable. Then we exported the cert and emailed it to the other server
and imported it into the certificate stores.

"sabs" wrote:
Can someone tell me what is the equivalent of the WSEQuickStart samples
X.509 certificate in Verisign Products list ? Verisign support dint
have any clue and they said I might need Code Signing Digital Ids but
when I go to that page, they have multiple items under that list
(Microsoft Authenticode Digital ID, Sun Java Signing Digital ID,
Netscape Object Signing Digital ID and so on). I read in another thread
that someone used 'Digital IDs for Secure Email' for the same purpose.
Can someone confirm whether this is the right thing to purchase ? There
is pretty big difference in the cost ($400 vs $19.95 a year) ! I'm
trying to connect to a WebLogic webservice using a dotnet client (which
is very similar to the X.509 sample provided with the Microsoft WSE
2.0.

Thanks

Nov 12 '05 #7

P: n/a
Hopefully, you did not include the password when you emailed the
certificate. If you did, consider the certificate compromised and get a new
one.

The password will allow the cert to be imported. If compromised, anyone
could install the certificate.

Chris Rolon

"DevilDog74" <De********@discussions.microsoft.com> wrote in message
news:BD**********************************@microsof t.com...
It took me a very long time to get a straight answer from thawte as well, but we purchased an additional license for an existing SSL cert. Our SSL Cert is now used to sign and encrypt the messages on both ends, i.e. the cleint and server.

When we imported the re-issued SSL Cert into IIS, we marked the private key as exportable. Then we exported the cert and emailed it to the other server and imported it into the certificate stores.

"sabs" wrote:
Can someone tell me what is the equivalent of the WSEQuickStart samples
X.509 certificate in Verisign Products list ? Verisign support dint
have any clue and they said I might need Code Signing Digital Ids but
when I go to that page, they have multiple items under that list
(Microsoft Authenticode Digital ID, Sun Java Signing Digital ID,
Netscape Object Signing Digital ID and so on). I read in another thread
that someone used 'Digital IDs for Secure Email' for the same purpose.
Can someone confirm whether this is the right thing to purchase ? There
is pretty big difference in the cost ($400 vs $19.95 a year) ! I'm
trying to connect to a WebLogic webservice using a dotnet client (which
is very similar to the X.509 sample provided with the Microsoft WSE
2.0.

Thanks

Nov 12 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.