Greg Edmonds said:
Hi Everyone,
Forgive me if I have put this question in the wrong feed. I have had
little exposure to certificate services and was wondering if you needed to
purchase certificates from Certificate Providers in order to configure SSL
in IIS. If so, what do the certificate services within Windows 2000 do and
are they needed?
Certificate authorities are used to distribute and manage certificates for
SSL (Secure Sockets Layer) based communications and encryption keys for
file/folder encryption. You don't have to purchase any certificates from a
security provider since a W2K Cert Auth is a Security Provider.
The subject is quite deep but there are a few important issues you would
need to read about: the recovery agent and how to back up encryption keys. A
recovery agent can't recover an encrypted file which was encrypted before he
or she became a recovery agent. If you lose the recovery agent key(s)
you'll wish you never ran a cert Authority in the first place. In some
cases, losing a recovery agent is death itself (I'm not saying don't use
it, it's a very, very useful feature that's highly recommended in an
environment that warrants it). Enough said.
SSL and IIS work nicely in a secure environment where an administrator
needs to approve a certificate application.
Using a Certificate Authority for the Encrypting File Service
http://support.microsoft.com/default.aspx?scid=kb;en-us;223338
Certificates and certification authorities
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_CMCertsCas.asp