Networking Basics: Certificates

Applies To: Windows SBS 2008

You can use certificates to help protect your network by encrypting the data that is flowing between your network and the Internet. The certificate is used to configure Secure Sockets Layer (SSL), which helps secure communications between a Web browser and your Web server.

Self-signed certificates

A self-signed certificate is created during installation, and it is renewed when you run the Internet Address Management Wizard and provide the domain name. The domain name is the same domain name that people use to access their e-mail or your internal Web site.

A root certificate is created using the internal domain name that you supply during Windows SBS 2008 installation. The root certificate is stored in the certificate authority (CA). The CA, by default, uses a Group Policy object (GPO) to distribute the root certificate to all of the client computers that are joined to the domain. The CA does this because the root certificate is not trusted by default.

The root certificate must be distributed to the client computers that access content on the server through an SSL connection. Some of these computers are internal to the domain (also called "domain clients"), and some of them are external (such as home computers).

If a user installs the certificate on a client computer that is not joined to the domain, such as a home computer, it is strongly recommended that they use the certificate installation package. If they use a Web browser to install the certificate, their computer may be vulnerable to an attack. To adhere to best security practices, the user should use a trusted source to install the certificate on their remote computer, such as an external storage drive.
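One way for the user of a non-domain computer to confirm that a root certificate file is the one the server issued before trusting it. This is an added example, not the certificate installation package or any Microsoft code. It assumes the administrator read the certificate's SHA-1 thumbprint on the server and gave it to the user separately from the file; the parameter names are hypothetical.

```powershell
# Added example. -CertPath and -ExpectedThumbprint are supplied by the caller;
# the expected value must come from the administrator out-of-band, not from the
# same download or message as the certificate file.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
    [switch]$Install
)

$ErrorActionPreference = 'Stop'

# Accept thumbprints pasted with spaces, colons, hidden characters or mixed case.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($expected.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($expected.Length) digits."
}

$fullPath = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

$problems = @()
if ($cert.Thumbprint -ne $expected) {
    $problems += "Thumbprint mismatch: file has $($cert.Thumbprint)"
}
# A root certificate is self-signed, so subject and issuer names are identical.
if ($cert.Subject -ne $cert.Issuer) {
    $problems += "Not self-signed: issuer is '$($cert.Issuer)'"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Certificate failed verification; nothing was installed."
}
Write-Output "Verified root certificate: $($cert.Subject)"

if ($Install) {
    # Writing to the machine-wide Trusted Root store requires an elevated prompt.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }
    Write-Output "Added to LocalMachine\Root."
}
```

Without `-Install` the script only reports whether the file passes the checks, so it can be run first to inspect a file that arrived on an external drive.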

Certificates from a commercial certificate authority

You can also use a certificate that is signed by a commercial certificate authority (CA), also known as a trusted certificate. All of the registrar partners who work with Microsoft sell trusted certificates for installation on Windows SBS 2008.

The Add a Trusted Certificate Wizard helps you request a trusted certificate from a certificate authority, and then install the trusted certificate when you receive it. Some certificate authorities make the trusted certificate available immediately, while others validate the information with the user offline before they provide the trusted certificate.

