Home > Windows Server Tips > > Creating your own Windows digital certificates: The risks and benefits
Windows Server Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 


Creating your own Windows digital certificates: The risks and benefits


Serdar Yegulalp, Contributor
04.19.2007
Rating: -4.80- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


When you need a digital certificate for your organization, typically for SSL or other encryption-related needs, most people are inclined to buy a certificate from a third-party vendor. Certificates can be pretty pricy -- a wildcard certificate, which provides SSL certification for a given domain and all of its possible subdomains, can run as much as $900.

For a big company, this isn't as onerous; but a smaller outfit may balk at dropping the cash, and may instead want to explore the possibility of simply generating and signing their own certificates. That is actually nowhere near as tough as it sounds -- in fact, it's fairly simple. It is particularly simple in Windows Server, partly because the components required to create your own are included with the server itself -- the most important one being the Certificate Services component.

Follow these steps to generate and sign your own digital certificates:

More detailed directions for setting up a certification authority are available in Microsoft's online documentation for Windows Server. There's also a utility called SelfSSL in the IIS 6.0 Resource Kit that allows you to automate the process of generating and installing a self-signed certificate, so you don't need to go through the whole process manually.

There are a number of benefits to being your own certification autho


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Microsoft Windows Network Security
Cutting the cost of Windows identity and access management
Group Policy Object modeling simplifies network security
Implementing simple Network Access Protection for Windows Server 2008
Overlooked security in Windows Server 2008
Network Access Protection in Windows Server 2008: Should you care?
Branch office security: Pros and cons of read-only domain controllers
Data encryption best practices in Windows
Remote management for Windows system upgrades
Free security testing tools for Windows handheld devices
Data encryption with EFS and BitLocker, step by step

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


rity, and there are about as many risks. Consequently, it's not something everyone should consider as an automatic possibility.

The benefits:

The risks:

One good rule of thumb to determine whether or not to use a self-signed certificate for anything is the scope of its use. Any encryption that's being conducted in a forum accessible by the general public, whether it's commerce or just regular communications, should be done with a commercially generated and signed certificate. If you're just testing something internally or want to set up a communications channel amongst you and a number of other known and trusted parties who aren't going to have a problem with a self-signed certificate, then you can set yourself up as your own certification authority.

In short, most of the benefits are cost and convenience, but those benefits come with risks that make self-signing largely unsuitable for public use.

About the author: Serdar Yegulalp is editor of Windows Insight (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.


Rate this Tip
To rate tips, you must be a member of SearchWindowsServer.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Server Room Design - Planning, Cooling, Maintenance
HomeTopicsBlogsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2004 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts