How we did it

We used an HP Proliant ML330 server with a 2.8-GHz Xeon processor and 1G byte of memory running Windows Server 2003 Enterprise Edition as our Validation Authority server. We used a Linux machine, running Fedora Core 1 inside VMWare, as the OpenSSL-based Certificate Authority, with OpenLDAP for certificate distribution, and Apache 2.0.49 for our Certificate Revocation List distribution and as the test SSL Web server.

To test the vendor's claim that the RTC Responder was lightweight, we used a late model Toshiba notebook with a 700 MHz processor running Windows XP. Separate Red Hat Fedora Core 1 and Windows XP clients were used for the test browsers (Mozilla and Internet Explorer.) For our testing we used the Microsoft SQL server bundled with the CoreStreet product for its internal certificate storage.

We configured an Apache Web Server to use SSL, and several clients (IE on Windows XP, Mozilla on Red Hat Fedora Core 1, and OpenSSL) to access the Web server. We used OpenSSL and OpenLDAP to set up a certificate infrastructure consisting of a single root certificate and a total of 10,000 user certificates. We revoked some of the certificates and configured others to expire.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

We used an HP Proliant ML330 server with a 2.8-GHz Xeon processor and 1G byte of memory running Windows Server 2003 Enterprise Edition as our Validation Authority server. We used a Linux machine, running Fedora Core 1 inside VMWare, as the OpenSSL-based Certificate Authority, with OpenLDAP for certificate distribution, and Apache 2.0.49 for our Certificate Revocation List distribution and as the test SSL Web server.

To test the vendor's claim that the RTC Responder was lightweight, we used a late model Toshiba notebook with a 700 MHz processor running Windows XP. Separate Red Hat Fedora Core 1 and Windows XP clients were used for the test browsers (Mozilla and Internet Explorer.) For our testing we used the Microsoft SQL server bundled with the CoreStreet product for its internal certificate storage.

We configured an Apache Web Server to use SSL, and several clients (IE on Windows XP, Mozilla on Red Hat Fedora Core 1, and OpenSSL) to access the Web server. We used OpenSSL and OpenLDAP to set up a certificate infrastructure consisting of a single root certificate and a total of 10,000 user certificates. We revoked some of the certificates and configured others to expire.

Read more about security in Network World's Security section.