A commercial Certificate Authority is an organization that is in the business of creating high-quality certificates and using
these certificates to sign your certificate requests.
Globally-signed certificates have the following advantages:
- In the case of inter-company communication, common trust in an outside, recognized authority may increase confidence in the
security of the system. A Certificate Authority must guarantee the accuracy of the identification information in any certificate
that it signs.
- Certificate Authorities provide controlled environments and advanced methods to generate certificates.
- The private key for the root certificate must remain private. Your organization may not have a suitable place to store this
crucial information, whereas a Certificate Authority can afford to design and maintain dedicated facilities.
Setting up globally-signed certificates
To set up globally signed identity files:
- Create a certificate request using the createcert utility with the -r option. See Certificate Creation utility (createcert).
- Use a Certificate Authority to sign each request. You can combine the signed request with the corresponding private key to
create the server identity file.
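One way to guard the combining step, as an added example that is not code from the product documentation: the script checks that the certificate returned by the Certificate Authority carries the public key of your private key before it writes the identity file. It assumes PEM-encoded files, an unencrypted private key, the openssl command-line tool, and an identity-file layout of certificate, chain certificates, then private key. The names build_identity and make_constructed_inputs and all file names are hypothetical, and a throwaway local CA stands in for the commercial one.

```bash
#!/bin/sh
# Added example (not vendor code). Assumes PEM files and the openssl CLI.

# build_identity SIGNED_CERT PRIVATE_KEY OUT_FILE [CA_CHAIN_CERT...]
# Writes OUT_FILE only if the signed certificate carries the public key that
# belongs to PRIVATE_KEY. Returns 1 on mismatch, 2 if a file cannot be parsed.
build_identity() {
    local cert="$1" key="$2" out="$3" cert_pub key_pub
    shift 3
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "refusing: $cert was not issued for the key in $key" >&2
        return 1
    fi
    # Assumed layout: certificate, any chain certificates, then the private key.
    ( umask 077 && cat "$cert" "$@" "$key" > "$out" )
}

# make_constructed_inputs DIR
# Builds throwaway stand-ins: server.key/server.csr play the role of the
# request from createcert -r, a local test CA plays the commercial CA, and
# other.key is an unrelated key used to show the mismatch case.
make_constructed_inputs() {
    local d="$1"
    openssl req -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -out "$d/server.csr" -subj "/CN=server.example.test" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.crt" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -days 1 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_constructed_inputs "$d" || return 1
    build_identity "$d/server.crt" "$d/server.key" "$d/identity.pem" "$d/ca.crt" \
        && echo "identity file written"
    build_identity "$d/server.crt" "$d/other.key" "$d/bad.pem" \
        || echo "mismatched key rejected"
    rm -rf "$d"
}

demo
```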
Globally-signing enterprise root certificates
You might be able to globally-sign an enterprise root certificate. This is only applicable if your Certificate Authority generates
certificates that can be used to sign other certificates.
Using globally signed identity files
Setting up clients to trust the certificate authority's certificate