Establishing a Root CA


By Corey Hynes, July 2nd, 2003 Posted in Windows 2003. Subscribe to our RSS Feed



Rather Have Fast and Secure Remote Control?

 Securely access PCs and servers worldwide through any firewall. Try it and see for yourself!

Creating a Root CA

A root CA is created by configuring the software to generate a public and private key pair (see my article in Security for more background information). The server then creates a self signing certificate, in which the server vouches for its own identity. This is a very important concept as it represents the implied trust we place in the Root CA. Without any external identity certifying the identity of the Root CA, we must simply take the Root CA’s word that it is the root. Trust in a Root CA is indicated on Windows by placing a copy of the Root CA’s certificate in the trusted root certification authorities store on the local computer. You can view the content of this store by using the property pages of Internet Explorer.

As you can see, Windows includes many baked in roots. These are the certificates of CAs that Microsoft has decided you may trust. You can modify this list by either deleting the certificates of CAs you prefer not to trust, importing the certificates of CAs you do trust, or by using a Certificate Trust List (CTL) in group policy to configure the list of trusted CAs for all computers affected by the policy.

Written by Corey Hynes - Visit Website

Go To Page: 1 2 3 4 5 6 7



Print This Post Print This Post













All Tutorials by Category:















Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.





IT Showcase


Text Link Ads

View all Tutorials by Category: