I’m often surprised by how many people aren’t aware that you can create and install SSL certificates without going to a publicly trusted Certificate Authority (CA). Windows 2000/2003 has everything you need built right in, so take advantage of it!
Maybe you want to use SSL to encrypt login credentials for accessing your corporate intranet, or for providing secure access to web services... think SQL Reporting Services, and Exchange/OWA. If the business situation warrants it, take advantage of what Microsoft already offers!
When circumstances permit, use IIS and the built-in Windows Certification Authority to make and approve certificate requests:
- Create a certificate request using the IIS MMC
- Submit the certificate request to a CA (Certification Authority) using the CA’s web interface.
- Approve the certificate request using the CA MMC.
- Download the certificate from the CA web-interface, and then install the certificate for the web site you need, using the IIS MMC.
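The same four steps can also be run from the command line. The script below is an added example, not part of the original post. It uses `certreq` and `certutil` in place of the IIS MMC and the CA web interface, and assumes Windows Server 2003 or later with PowerShell installed, a standalone CA that holds requests as pending, and hypothetical host, CA and file names.

```powershell
# Added example; the host, CA and file names below are hypothetical.
$fqdn     = 'intranet.example.local'
$caConfig = 'ca01.example.local\Example Internal CA'   # format: "CAHost\CAName"

# Step 1: describe the key and subject, then generate a PKCS#10 request.
# MachineKeySet keeps the private key in the machine store (needed by IIS);
# Exportable = FALSE stops the key being exported from this server.
# The OID under EnhancedKeyUsageExtension is "Server Authentication".
@"
[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Encoding ASCII request.inf
certreq -new request.inf request.req

# Step 2: submit the request. A CA that requires approval answers with a
# RequestId and leaves the request pending instead of issuing a certificate.
$out = certreq -submit -config $caConfig request.req issued.cer
$out
$match = $out | Select-String 'RequestId:\s*"?(\d+)' | Select-Object -First 1
if (-not $match) { throw 'The CA did not return a RequestId.' }
$requestId = $match.Matches[0].Groups[1].Value

# Step 3 (run as a CA administrator): dump the request and confirm the subject
# and key size are what you expect before approving it.
certutil -dump request.req
certutil -config $caConfig -resubmit $requestId

# Step 4: fetch the issued certificate and pair it with the pending private key.
certreq -retrieve -config $caConfig $requestId issued.cer
certreq -accept issued.cer
```

After `certreq -accept`, the certificate sits in the local computer's Personal store; assigning it to the web site is still done in the IIS MMC.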
I’m in the process of documenting this more extensively, and will follow up as time allows. But the key takeaways are outlined above, and if you think through the process, this should provide a good starting point.
One last thing, there certainly are times when a certificate from a publicly trusted CA makes sense… especially when dealing with services that will be exposed to end-customers! In these cases, a publicly trusted certificate should be easy to justify in terms of cost.