Now point Firefox to https://<hostname>/certsrv. Since the root CA is trusted, I don't get a certificate error and life is good. You can also manually import the CA certificate in to OS's and browsers.
One thing with Firefox is that it helpfully captures the CA certificate download and prompts you to store the certificate. Unfortunately, that means you can't actually save it. So fire up IE, hit your CA, and download the CA certificate as a base64 file.
All that is left to do is disable HTTP on the Certificate Server web site and I am done.
Now you are ready to generate certificate requests for your network appliances and sign them with your CA. How you do that will be vendor dependent and won't always be easy, but they should be able to walk you through generating the CSR and importing the signed certificate.
If you created a stand-alone CA, you can turn it off and put it into a safe place. You won't need it again until you need to issue a new certificate.
Honestly, you spent more time reading this than it takes doing it. Install Microsoft Certificate Services once, and it take no time after that. Once it is installed, signing CSR's is a breeze.
Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics ... View Full Bio