none
What type of certificate?

    Frage

  • Hi,

    I have an old Windows 2003 server acting as a Certificate Authority.

    I want to replace this server with a Win 2008R2 system, and at the same time change the certificate from self signed to a valid external one.

    My forest is "company.biz" and I own the domain already.

    What type of certificate should I buy?

    Is there a special type of CA certificate which allows me to generate new certificates for computers and subdomains?

    Thanks,

    Adfrad

    • Verschoben Bruce-Liu Montag, 26. März 2012 18:04 (From:General)
    Freitag, 23. März 2012 17:30

Antworten

  • What type of certificate should I buy?

    - depends what you need it for, encryption, server authentication, email, signing etc...

    Is there a special type of CA certificate which allows me to generate new certificates for computers and subdomains?

    Check out deploying a Public Key Infrastructure: http://technet.microsoft.com/en-us/library/cc776679(v=ws.10).aspx

    VeriSign uses the concept of classes for different types of digital certificates :

    • Class 1 for individuals, intended for email.
    • Class 2 for organizations, for which proof of identity is required.
    • Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority.
    • Class 4 for online business transactions between companies.
    • Class 5 for private organizations or governmental security.

    Other vendors may choose to use different classes or no classes at all as this is not specified in the SSL protocol, though, most do opt to use classes in some form.


    MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/


    • Bearbeitet Marius EneMVP Samstag, 24. März 2012 19:05
    • Als Antwort markiert Bruce-Liu Mittwoch, 28. März 2012 08:29
    Freitag, 23. März 2012 20:03

Alle Antworten

  • What type of certificate should I buy?

    - depends what you need it for, encryption, server authentication, email, signing etc...

    Is there a special type of CA certificate which allows me to generate new certificates for computers and subdomains?

    Check out deploying a Public Key Infrastructure: http://technet.microsoft.com/en-us/library/cc776679(v=ws.10).aspx

    VeriSign uses the concept of classes for different types of digital certificates :

    • Class 1 for individuals, intended for email.
    • Class 2 for organizations, for which proof of identity is required.
    • Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority.
    • Class 4 for online business transactions between companies.
    • Class 5 for private organizations or governmental security.

    Other vendors may choose to use different classes or no classes at all as this is not specified in the SSL protocol, though, most do opt to use classes in some form.


    MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/


    • Bearbeitet Marius EneMVP Samstag, 24. März 2012 19:05
    • Als Antwort markiert Bruce-Liu Mittwoch, 28. März 2012 08:29
    Freitag, 23. März 2012 20:03
  • Hello,

    the security forum is the better place to ask about CA http://social.technet.microsoft.com/Forums/en/winserversecurity/threads


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Als Antwort vorgeschlagen MYousufAli Sonntag, 25. März 2012 00:51
    Samstag, 24. März 2012 11:34