How To Set Up A Certificate Authority In 10 Minutes

March 28, 2012

Having a company-owned certificate authority makes managing your network devices simpler and more secure. There is nothing inherently wrong with self-signed certs, but you can do better. You can build a CA and issue your first certificate in about 10 minutes. Here is how to do it.

Now point Firefox to https://<hostname>/certsrv. Since the root CA is trusted, I don't get a certificate error and life is good. You can also manually import the CA certificate into operating systems and browsers.

One thing with Firefox is that it helpfully captures the CA certificate download and prompts you to store the certificate. Unfortunately, that means you can't actually save it. So fire up IE, hit your CA, and download the CA certificate as a base64 file.
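For the manual import mentioned above, the following PowerShell is an added example (not part of the original article) that checks the downloaded base64 CA certificate before trusting it machine-wide. The file path and the expected thumbprint are assumptions you supply yourself; read the thumbprint from the CA server's own console rather than from the downloaded file.

```powershell
# Added example: validate a downloaded root CA certificate, then add it to the
# Windows machine trust store. Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)] [string] $Path,                # hypothetical, e.g. C:\temp\rootca.cer
    [Parameter(Mandatory)] [string] $ExpectedThumbprint   # thumbprint noted on the CA itself
)

$file = (Resolve-Path $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

# 1. The file must be the certificate you expect. Strip spaces and colons that
#    certificate dialogs add, then compare against the computed thumbprint.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# 2. A root certificate names itself as issuer. This is a name check only;
#    the thumbprint comparison above is what ties the file to your CA.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a root certificate: issued by '$($cert.Issuer)'"
}

# 3. Basic Constraints must mark the certificate as a CA.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Basic Constraints does not mark this certificate as a CA"
}

# 4. Refuse a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 5. All checks passed: import into Trusted Root Certification Authorities.
Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\Root |
    Format-List Subject, Thumbprint, NotAfter
```

This covers Windows and applications that use the Windows certificate store; Firefox keeps its own trust store by default, so import the CA certificate there separately.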

All that is left to do is disable HTTP on the Certificate Server web site and I am done.

Now you are ready to generate certificate requests for your network appliances and sign them with your CA. How you do that will be vendor dependent and won't always be easy, but they should be able to walk you through generating the CSR and importing the signed certificate.

If you created a stand-alone CA, you can turn it off and put it into a safe place. You won't need it again until you need to issue a new certificate.

Honestly, you spent more time reading this than it takes to do it. Install Microsoft Certificate Services once, and it takes no time after that. Once it is installed, signing CSRs is a breeze.

