Certificates

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi Everyone,

Forgive me if I have put this question in the wrong feed. I have had little exposure to certificate services and was wondering if you needed to purchase certificates from Certificate Providers in order to configure SSL in IIS. If so, what do the certificate services within Windows 2000 do and are they needed?

Thanks in advance,

Greg
 
Greg Edmonds said:
Hi Everyone,

Forgive me if I have put this question in the wrong feed. I have had
little exposure to certificate services and was wondering if you needed to
purchase certificates from Certificate Providers in order to configure SSL
in IIS. If so, what do the certificate services within Windows 2000 do and
are they needed?
Thanks in advance,

Greg

Certificate authorities are used to distribute and manage certificates for
SSL (secure Socket Layer) based communications and encryption keys for
file/folder encryption. You don't have to purchase any certificates from a
security provider since a W2K Cert Auth is a Security Provider.

The subject is quite deep but there are a few important issues you would
need to read about. The recovery agent and how to back up encryption keys. A
recovery agent can't recover an encrypted file which was encrypted before he
or she became a recovery agent. If you loose the recovery agent key(s)
you'll wish you never ran a cert Authority in the first place. In some
cases, loosing a recovery agent is death itself (i'm not saying don't use
it, it's a very, very useful feature that's highly recommended in an
environment that warrants it). Enough said.

SSL and IIS works nicely in a secure environment where an administrator
needs to aproove a certificate application.

Using a Certificate Authority for the Encrypting File Service
http://support.microsoft.com/default.aspx?scid=kb;en-us;223338

Certificates and certification authorities
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/proddocs/standard/sag_CMCertsCas.asp
 
It depends. If your website is going to be available to the general public then you
want to purchase a certificate from a public CA such as Verisign. The reason is that
you want you certificate to be "trusted" when someone accesses your https site
otherwise a message will pop up telling user that the certificate from your site is
not from a trusted CA and most users will abort. If you are going to provide access
to a "closed" user base such as your domain or organization or possibly a small list
of other organizations then a private certificate may well be acceptable. Those users
would have to import a private CA certificate into their computer certificate
store/web browser store [see yours in tools/internet
options/content/certificates/trusted root CA's]. For a W2K domain that can be done
via Group Policy. Certificate services provides a pki for a network or a domain for
such things as EFS file encryption, l2tp vpn, encrypted email, ipsec, smart cards,
and other types of user/machine authentication. --- Steve



Greg Edmonds said:
Hi Everyone,

Forgive me if I have put this question in the wrong feed. I have had little
exposure to certificate services and was wondering if you needed to purchase
certificates from Certificate Providers in order to configure SSL in IIS. If so,
what do the certificate services within Windows 2000 do and are they needed?
 
Back
Top