A couple of days ago, I made a post to help you understand the self-issued certificates. Today I wanted to extend on that and show what's been built for 2008 to help you install the self-issued certificate. If you open the Company Web Site inside the company, you'll notice an announcement that tells users how to obtain this package. They can browse to "\\contoso-server\users\public downloads" on the server and obtain the zip file shown on the left. This zip file can then be copied to a USB key or floppy drive and taken to the remote PC. Alternatively, it can be run inside the network to install the certificate onto a Windows Mobile device that is connected to the user's PC. It is not necessary to use this package on client computers that are joined to the domain because Group Policy will push the certificate to these client computers, for the case of a laptop that leaves the domain, it will already have the certificate installed in the trusted root store.
One thing to note, is that each time the Fix My Network wizard is run, it checks the validity of the certificate, if it's invalid, it'll go ahead and re-create the certificates and fix everything up for you.. including dropping a new package to the Public Downloads share.
Once you have the tool at the remote location, un-zip it, and run it. The tool is very simple, and runs on XP SP2 or higher clients, including Vista. When you run it, you will see the following UI:
As you can see from the screen shot, you can install the certificate on the remote PC, or any device running Windows Mobile 6.
While using self-issued certificates got easier with 2008, its still a pain to have to install the certificate every 5 years onto remote devices, it's far easier to use a Trusted Certificate.
4 comments:
First, let me say that you are an absolute hero for any IT person trying to understand the entire security certificate issue. Thank you for your blog.
Second, I was wondering if you blog about intermediate certificates like the ones GoDaddy! provides? I have looked for, but could not find, a reference to how SBS 2008 deals with intermediate certificates and their distribution. I have also looked for an explanation of wildcard vs. ucc certificates.
I really appreciate your straight-forward writing style and your insight in general, thanks again.
jase
Brilliant, this is the document I have been looking for.
how would i install this on windows 7 pro
If you're seeing a bug with this, feel free to post it up on Connect.Microsoft.com. It should work. As a work around, feel free to just import that certificate manually (by double clicking on it) into your personal trusted certificate store.
Post a Comment