DIY PKI Digital signatures vs 3rd party

Gonzales

Hi,
I have recently become aware of the security & efficency benefits of using PKI digital signatures software to sign our doc & save them electronically. I've done quite a bit of research on the subject & it while it seems do able to set up your own administered certificate to authenticate the signatures it seems quite complex for me (non IT type).

My post is really to ask if anyone has set this up themselves with out or with minimal 3rd party support & how was the end result? any experiences in this field would be useful in making the decision to go DIY or 3rd party (US$16K for 100 users :eek:)

Regards,
Gonzales.

_CreeD_

If it's for internal use only then go with your own. You only need 3rd party certificates if you want them trusted outside of your network. However plan your PKI implementation very carefully, by it's nature it is not something you can change on the fly so if you decided to change the setup later in most cases you will have to scrap everything and start from scratch. The cheapest solution is (depending on your infrastructure of course) probably to use the Certificate Authority built into Windows Server. Microsoft Press' "Windows Server 2003 PKI and Certificate Security" covers this pretty well. Give it a read, setup a test server and client in VMWare or something similar and see how it suits you.