If you're buying a cert from a 3rd party, and then using that to issue your own certs, then you're buying a CA signing cert, not a server authentication cert. The former is much more expensive than the latter, as you effectively can issue however many certs you want. Typically you only do this if you need to deal with 3rd parties (since you both mutually trust the original issuing CA organisation). If this is for internal use only, then most orgs will set up their own root CA.

Cheers
Ken

-----Original Message-----
From: Stephen Wimberly [mailto:[email protected]]
Sent: Friday, 24 August 2012 4:06 AM
To: NT System Admin Issues
Subject: PKI big picture?

I want to use PKI for SCCM 2012, and it's a nice to have for other servers.

QUESTION: If I were to purchase a certificate from an outside trusted vendor like Verisign, could I skip the internal Enterprise server CA and import the purchased certificate directly to my SCCM server?

From what I have read so far it looks best to purchase a cert, import it to your Enterprise CA and then create certificates from the Enterprise CA but it just sounds redundant. Am I really seeing this 'right'?
