RSA touts DIY certificates
A new option for web authentication from RSA Security Inc will let businesses manage their own SSL (Secure Socket ayer) digital certificates, instead of having to rely on certificate authority service providers who charge an annual fee per certificate.
The need to reliably authenticate Web servers to visiting browsers, calls for trusted certificates to complete the certificate validation process in a way that is transparent to the end-user. In the same way that a business will want to verify the identity of an individual wanting to make a commercial web site transaction, visitors to web sites want to see a level of trust. By reliably authenticating Web servers to visiting browsers, SSL server certificates help build that trust.
With RSA's Keon Web Server SSL, customers' Web server certificates generated and issued by their RSA Keon Certificate Authority (CA) software are designed to be automatically validated and trusted by popular Web browsers, email packages or other secure applications. The product is targeted for use anywhere there is a need for web authentication, to support a move to digital signatures, or to improve the level of secure access to corporate email or virtual private network (VPN) systems.
The Bedford, Massachusetts-based security vendor claims its option is a cheaper alternative to a service-based approach to CA-based server authentication. It is a move no doubt intended to chip away at the managed certificate business of RSA rival, Verisign Inc.
The RSA Keon Web Server SSL offering is intended to take care of all aspects surrounding the issuing, management and validation of SSL server certificates, using 128-bit encryption between browsers and servers. It also includes various root signing services to accredit a businesses' certificate authority to RSA's own recognized trust hierarchy.