Creating your own Windows digital certificates: The risks and benefits

For a big company, this isn't as onerous; but a smaller outfit may balk at dropping the cash, and may instead want to explore the possibility of simply generating and signing their own certificates. That is actually nowhere near as tough as it sounds -- in fact, it's fairly simple. It is particularly simple in Windows Server, partly because the components required to create your own are included with the server itself -- the most important one being the Certificate Services component.

Follow these steps to generate and sign your own digital certificates:

More detailed directions for setting up a certification authority are available in Microsoft's online documentation for Windows Server. There's also a utility called SelfSSL in the IIS 6.0 Resource Kit that allows you to automate the process of generating and installing a self-signed certificate, so you don't need to go through the whole process manually.

There are a number of benefits to being your own certification autho

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Windows Network Security Cutting the cost of Windows identity and access management Group Policy Object modeling simplifies network security Implementing simple Network Access Protection for Windows Server 2008 Overlooked security in Windows Server 2008 Network Access Protection in Windows Server 2008: Should you care? Branch office security: Pros and cons of read-only domain controllers Data encryption best practices in Windows Remote management for Windows system upgrades Free security testing tools for Windows handheld devices Data encryption with EFS and BitLocker, step by step

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

rity, and there are about as many risks. Consequently, it's not something everyone should consider as an automatic possibility.

The benefits:

The risks:

One good rule of thumb to determine whether or not to use a self-signed certificate for anything is the scope of its use. Any encryption that's being conducted in a forum accessible by the general public, whether it's commerce or just regular communications, should be done with a commercially generated and signed certificate. If you're just testing something internally or want to set up a communications channel amongst you and a number of other known and trusted parties who aren't going to have a problem with a self-signed certificate, then you can set yourself up as your own certification authority.

In short, most of the benefits are cost and convenience, but those benefits come with risks that make self-signing largely unsuitable for public use.

About the author: Serdar Yegulalp is editor of Windows Insight (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.

Rate this Tip To rate tips, you must be a member of SearchWindowsServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.