VeriSign thinks it should be easier to use digital certificates to verify virtual private network (VPN) users, so the company is simplifying the process.
Rather than using a cumbersome manual procedure to enroll in VeriSign's certificate authority service, users of the company's new automated service will be able to simply integrate VeriSign certificates and encryption keys with VPN gear made by other vendors.
The first vendor to partner in the VeriSign venture, known as Go Secure, is Check Point. VeriSign plans to announce similar relationships with Nortel Networks and other VPN vendors later this year.
To use Go Secure, customers must first buy a Check Point VPN-1 firewall or SecureRemote VPN software. Neither of those products comes with digital certificates.
In the past, customers could buy a VeriSign service called On-Site to get digital certificates, but they had to configure their VPN clients manually.
This task is so complicated that it requires an IS staff member to register each end-user machine, says James Mascaro, network architect for Xcelerate, an e-business consultancy in Fort Lauderdale, Florida.
"It's a rather lengthy and easily messed-up process," Mascaro says.
"As soon as you get a large number of users, distributing certificates becomes unmanageable," says Steve Harris, an analyst with International Data Corp. in New York.
With the Go Secure service for Check Point products, rather than going through a complex string of downloading files and importing them into Check Point VPN software, end users log on to a Web site and click twice. They can then use a VeriSign certificate to authenticate themselves for the purpose of exchanging encryption keys used to secure Internet connections.
For Check Point, Go Secure automates interactions between an end user's Web browser and a Check Point client to install certificates. With Go Secure for other vendors, automation of the VeriSign enrollment will take place within the VPN client software itself.
Without the automated process, Check Point end users would have to pick up certificates from a VeriSign Web site and install them in their browsers. Then users would export them to their hard drives and import them into their Check Point clients.
"It's ugly," says Marshall Behling, VeriSign's strategic business development manager.
With Go Secure, network administrators have some work to do before end users can use the automated enrollment. First they must upload a list of authorized users, and each one is assigned a passcode by VeriSign. The lists can be integrated with existing firewall user databases or Lightweight Directory Access Protocol files.
Administrators then distribute the passcodes securely and tell end users to pick up their certificates at a secure VeriSign Web page.
Go Secure for Check Point costs US$35,000 for up to 500 users or $60,000 for 1,000 users. It will be available in February.
Go Secure for Nortel Contivity products is scheduled for release this spring, but no other details were available. Go Secure for other vendors' products is scheduled for later this year.