Click here to get back home

Self Signed Certificates?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Self Signed Certificates? Will 09-28-2006
Get Chitika Premium
Posted by Will on September 28, 2006, 12:29 am
Please log in for more thread options
 Is there a third party commercial or shareware tool to create self-signed
certificates under Windows 2000 and Windows 2003? My immediate need is for
authentication on just a few servers and clients, and I don't want to hassle
with certificate authorities (yet). I know there is a tool included in
IIS, but it doesn't work on machines that don't have IIS so it is not a
solution for us.

--
Will



Posted by Brian Komar [MVP] on September 28, 2006, 3:50 am
Please log in for more thread options
 westes-usc@noemail.nospam says...
> Is there a third party commercial or shareware tool to create self-signed
> certificates under Windows 2000 and Windows 2003? My immediate need is for
> authentication on just a few servers and clients, and I don't want to hassle
> with certificate authorities (yet). I know there is a tool included in
> IIS, but it doesn't work on machines that don't have IIS so it is not a
> solution for us.
>
>
Self signed certificates will not work in the scenario you describe, as they
would not be
trusted by any of the other clients and servers.
Brian

Posted by Joe Kaplan on September 28, 2006, 2:31 pm
Please log in for more thread options
Well, you can make them work by distributing the certificates and manually
adding them to the trusted roots store. If he is only talking about getting
a limited number of clients and servers working, this is probably a
practical approach. If he tries to scale it further than that, he'll
quickly learn to discover why a CA (or commercially procured certs) is so
valuable. :)

The tool makecert.exe is probably the thing he needs. It isn't as easy to
use as selfssl (from the IIS 6 resource kit), but it can make any kind of
self-signed cert.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
> westes-usc@noemail.nospam says...
>> Is there a third party commercial or shareware tool to create self-signed
>> certificates under Windows 2000 and Windows 2003? My immediate need is
>> for
>> authentication on just a few servers and clients, and I don't want to
>> hassle
>> with certificate authorities (yet). I know there is a tool included in
>> IIS, but it doesn't work on machines that don't have IIS so it is not a
>> solution for us.
>>
>>
> Self signed certificates will not work in the scenario you describe, as
> they would not be
> trusted by any of the other clients and servers.
> Brian



Posted by Brian Komar [MVP] on September 28, 2006, 8:33 pm
Please log in for more thread options
joseph.e.kaplan@removethis.accenture.com
says...
> Well, you can make them work by distributing the certificates and manually
> adding them to the trusted roots store. If he is only talking about getting
> a limited number of clients and servers working, this is probably a
> practical approach. If he tries to scale it further than that, he'll
> quickly learn to discover why a CA (or commercially procured certs) is so
> valuable. :)
>
> The tool makecert.exe is probably the thing he needs. It isn't as easy to
> use as selfssl (from the IIS 6 resource kit), but it can make any kind of
> self-signed cert.
>
> Joe K.
>
I would never recommend distributing self-signed certificates to the trusted
root store.
Really really bad practice... (other than a one-off for testing on a single test
machine)
Brian

Posted by Will on September 29, 2006, 12:06 am
Please log in for more thread options
> Well, you can make them work by distributing the certificates and manually
> adding them to the trusted roots store. If he is only talking about
getting

Why can't you add to the Enterprise Trust store instead of the Trusted
Roots?


> a limited number of clients and servers working, this is probably a
> practical approach. If he tries to scale it further than that, he'll
> quickly learn to discover why a CA (or commercially procured certs) is so
> valuable. :)

Right, and it's also just a learning experience for me in using certificates
under Windows 200x.


> The tool makecert.exe is probably the thing he needs. It isn't as easy to
> use as selfssl (from the IIS 6 resource kit), but it can make any kind of
> self-signed cert.

I searched on makecert.exe on the Microsoft site, but the articles that
reference it don't include a download link. Is it available separately
somewhere on their site? If not, what's the easiest way to obtain it?

--
Will



Similar ThreadsPosted
Self-signed certs for FTP October 10, 2006, 7:07 pm
Creating CA and self-signed cert for EFS recovery July 19, 2007, 10:10 am
Enterprise Subordinate CA signed by third party Commercial CA like Verisign/Thawte/etc January 30, 2006, 1:50 am
Certificates April 5, 2007, 5:38 pm
two CA certificates for IPSec or something... September 17, 2005, 3:58 pm
Certificates are not published October 17, 2005, 3:31 pm
Certificates 802.1X Auth. November 21, 2005, 11:07 am
Removing CA certificates. December 22, 2005, 3:50 pm
Need some information about certificates March 9, 2006, 5:54 pm
EFS Certificates in AD 2003 June 30, 2006, 12:07 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap