Globally-signed certificates
A commercial Certificate Authority is an organization that is in the business of creating high-quality certificates and using
these certificates to sign your certificate requests.
Globally-signed certificates have the following advantages:
- In the case of inter-company communication, common trust in an outside, recognized authority may increase confidence in the
security of the system. A Certificate Authority must guarantee the accuracy of the identification information in any certificate
that it signs.
- Certificate Authorities provide controlled environments and advanced methods to generate certificates.
- The private key for the root certificate must remain private. Your organization may not have a suitable place to store this
crucial information, whereas a Certificate Authority can afford to design and maintain dedicated facilities.
Setting up globally-signed certificates
To set up globally-signed identity files:
- Create a certificate request using the createcert utility with the -r option. See Certificate Creation utility (createcert).
- Use a Certificate Authority to sign each request. You can then combine the signed request with the corresponding private key to
create the server identity file.
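The final step above, as an added example that is not part of the original documentation: before combining the file returned by the Certificate Authority with your private key, confirm that it parses as a certificate and that its public key matches that key. It assumes OpenSSL is installed, the files are PEM-encoded, the private key is unencrypted, and the identity file is the certificate followed by the private key; the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example (not from the product documentation). Assumptions: OpenSSL is
# available, inputs are PEM, the private key is unencrypted, and the identity
# file is the signed certificate followed by the private key.

# pubkey_of cert|key FILE: print the public key (PEM) contained in FILE.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        *)    return 1 ;;
    esac
}

# make_identity SIGNED_CERT PRIVATE_KEY OUT_FILE
# Returns 0 on success, 2 if an input cannot be parsed (for example the CA
# sent back something other than a certificate), 3 if the certificate was
# issued for a different key pair. OUT_FILE is only written on success.
make_identity() {
    cert_pub=$(pubkey_of cert "$1") || return 2
    key_pub=$(pubkey_of key "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
    # The identity file holds the private key: create it owner-only.
    ( umask 077 && cat "$1" "$2" > "$3" )
}
```

A return code of 3 usually means the signed certificate was paired with the wrong request's key, which is easy to do when several requests are sent for signing at once.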
Globally-signing enterprise root certificates
You might be able to globally-sign an enterprise root certificate. This applies only if your Certificate Authority generates
certificates that can be used to sign other certificates.