A commercial Certificate Authority is an organization that is in the business of creating high-quality certificates and using these certificates to sign your certificate requests.
Globally-signed certificates have the following advantages:
In the case of inter-company communication, common trust in an outside, recognized authority may increase confidence in the security of the system. A Certificate Authority must guarantee the accuracy of the identification information in any certificate that it signs.
Certificate Authorities provide controlled environments and advanced methods to generate certificates.
The private key for the root certificate must remain private. Your organization may not have a suitable place to store this crucial information, whereas a Certificate Authority can afford to design and maintain dedicated facilities.
To set up globally signed identity files, you:
Create a certificate request using the createcert utility with the -r option. See Certificate creation utility [createcert].
Use a Certificate Authority to sign each request. You can combine the signed request with the corresponding private key to create the server identity file.
Globally-signing enterprise root certificates
You might be able to globally-sign an enterprise root certificate. This is only applicable if your Certificate Authority generates certificates that can be used to sign other certificates.
Using globally signed identity files
Setting up clients to trust the certificate authority's certificate