Certificate Authority Server - Why?

    General discussion

  • I don't know much about CA Server.

    But we need to access our .NET-based applications through the Internet, so we have to get SSL certificates.

    In the future we need many applications to be accessed from the Internet.

    Someone suggested that I install a CA server to give SSL certificates to these applications.

    Can anyone explain this?

    Thanks

    Friday, June 13, 2014 10:46 PM

All replies

  • Generally, internet-facing services and applications will use commercially issued SSL certificates from a provider such as Verisign, GoDaddy, etc. The benefit to standing up your own CA is that there is no cost for the issuance. However, it takes additional hardware, software and technical know-how to set it up and make sure it continues to work. For many organizations with little to no expertise, there is little money to be saved by trying to do this on your own. More often than not, the installation and configuration is much more involved than anticipated and if it even gets properly installed, it is often neglected afterwards and eventually leads to outages and business impact. I would buy a commercial certificate now and if you ever get to a point where you are spending A LOT of money on these public certificates and you believe you could hire or contract the resources to install and support the CA, then you can look at doing it in-house.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

    Saturday, June 14, 2014 4:57 PM
  • Thank you Mark,

    It's clear to me now.

    I have one more question: we access OWA (Exchange 2010) through the browser inside the organization with an HTTPS link.

    The link in the browser shows a red sign, "Certificate Missing". Everything is working fine, but it's annoying.

    So how do we install certificates when the services are only on the LAN?

    Sunday, June 15, 2014 8:12 AM
  • Good question, but in many ways it's the same scenario. You could set up your own CA, but the costs and operations have to be factored in. If the CA isn't well maintained, it will affect the access to email, which for many organizations is a big deal. It might be cheaper just to go buy a single certificate for this purpose.


    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

    Sunday, June 15, 2014 4:35 PM