I think the MSI should autogenerate a self-signed cert at least (last thing we need is for people to deploy a static pre-distributed cert which would make it that much easier to do man-in-the-middle attacks).
Would be great if the MSI had a choice to use an existing cert, or generate a new one with a user supplied DN (fill-in fields for CN, OU, O , L, ST, C), and generated a self-signed cert with that + a .csr for sending to a Trusted Third-Party for signing. Would also be great if there was some GUI for importing a signed cert post-install, similar to the IIS wizard, but that's probably pushing it. Just my $0.02, Issac William A. Rowe, Jr. wrote: > A final question for all, do we wish to install an arbitrary, on the fly self > signed default.crt/default.key? Do we want to help them fill out the details > or use stock details? Or do we want them to use openssl.exe to generate one > for themselves?