Re: SSL Cert. Creation

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 06/14/04 

Date: Mon, 14 Jun 2004 12:40:10 +1000

All Windows Server OSes have the option to install "Microsoft Certificate
Services". This offers the functionality of a CA - so you can issue your own
server and client certificates.

Cheers
Ken

"Joe" <anonymous@discussions.microsoft.com> wrote in message
news:1b8a401c4514f$1e6fb4c0$a601280a@phx.gbl...
: Thank Ken I apprecialte your reply,
:
: I have used SSL on my webs before and I purchased a
: cert.at instantSSL all is fine. But since I moved to a
: server product such as Server 2003 Enterprise it has what
: I think is a CA ability. At least this is what I have seen
: in add/remove windows components. Now as for the use of
: this feature I am unsure. I guess this would have been a
: better post than the original.
:
: Thanks
: Joe
: >-----Original Message-----
: >Hi,
: >
: >I think we're getting a little confused here...
: >
: >Certificates can have a number of different "purposes".
: If you are running
: >Windows XP (and I think Windows 2000), goto Start -> Run -
: > certmgr.msc
: >which will load the Certificate Manager. You'll probably
: see a number of
: >certificate categories.
: >
: >Now normally when you use SSL on the web to do some
: shopping, the server has
: >a "server certificate". This is designed to prove that
: www.amazon.com is
: >actually www.amazon.com and not some site that someone
: else has put up
: >pretending to be www.amazon.com
: >
: >The server certificate that www.amazon.com has is issued
: by a CA. If you go
: >to https://www.amazon.com and bring up the details of the
: certificate, you
: >will see in the certificate path that the certificate was
: issed by Verisign.
: >Now your browser has built in trust for Verisign's root
: certificate, so you
: >don't get a warning.
: >
: >Now, if you goto https://www.careers.unsw.edu.au and
: check the certification
: >path, you will see that the cert is issued by "Careers
: and Employment (UNSW)
: >Certificate Authority". Since your browser does not trust
: this CA, you will
: >get a warning. If you want to get rid of the warning, you
: need to import the
: >CA's root certificate into your client's certificate
: store.
: >
: >Cheers
: >Ken
: >
: >"Joe" <anonymous@discussions.microsoft.com> wrote in
: message
: >news:1b98d01c4506a$497f6e20$a401280a@phx.gbl...
: >: Thank for your replu Ken,
: >:
: >: Will the cert that is genreated with the OS install
: which
: >: inturn is the name of the machine work if imported into
: >: the browser store? Will the client receive errors?
: >:
: >: Thank you
: >: Joe
: >: >-----Original Message-----
: >: >Trusted by who? is the question.
: >: >
: >: >For a generic browser to "trust" your server
: certificate,
: >: the CA's
: >: >(Certificate Authority's) root certificate needs to be
: >: imported into the
: >: >browser's certificate store. Certain commercial CAs
: >: already have their root
: >: >certificates added to the browser's certificate store
: by
: >: the browser
: >: >manufacturer. If you setup your own CA, then you will
: >: need to manually add
: >: >the CA's root certificate to the browser's store. You
: do
: >: not need to do this
: >: >if the CA is running MS Certificate Services, and is an
: >: AD integrated CA,
: >: >and the server and client are in the same AD forest.
: >: >
: >: >Cheers
: >: >Ken
: >: >
: >: >
: >: >"Joe" <anonymous@discussions.microsoft.com> wrote in
: >: message
: >: >news:1b86f01c45023$ed6c1f20$a401280a@phx.gbl...
: >: >: Hello,
: >: >:
: >: >: I am wondering if you can create your own trusted
: >: >: certificate in Windows Server 2003 Enterprise to use
: on
: >: >: the internet?
: >: >:
: >: >: Thank you
: >: >: Joe
: >: >
: >: >
: >: >.
: >: >
: >
: >
: >.
: >

Relevant Pages

  • RPC over HTTP, Microsoft solution
    ... Exchange Server 2003 RPC over HTTP Deployment Scenarios ... Place a check in the box next to 'Certificate Services' and click 'Yes' ...
    (microsoft.public.exchange.setup)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: Configuring SBS2003 for OWA and RWW
    ... And make sure certificate will not be ... On the Connection Type page, click Broadband, and then click Next. ... next to Preferred DNS server and next to ... If you are using ISA, please go to ISA management console, and navigate ...
    (microsoft.public.windows.server.sbs)
  • Re: Configuring LDAP on Entourage 2004 OS X
    ... Microsoft CSS Online Newsgroup Support ... does not work with a self signed SSL certificate OR with the SSL ... configure the System to allow OMA and "Server ActiveSync" access from the ... Configuring Exchange Server 2003 for Client Access. ...
    (microsoft.public.windows.server.sbs)
  • Encrypted RPC using Schannels SPPI for SSL and AuthInfo binding
    ... I'm developing on Windows 2000 Server with the Microsoft Platform SDK ... I'm hoping to get an SSL tunnel between the two using the RPC calls ... I've made a self-signed certificate using makecert.exe and I've loaded it ... In the RPC server setup, I'm opening up this store and locating the ...
    (microsoft.public.win32.programmer.networks)