Windows Certificate Server question - SSL - Website

Can i create my own SSL certificate for our website with Win2k3 certificate services?  

Website is on win2k server....using a Verisign certificate now...
scotto2003Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

platinumbayCommented:
Yes, the downside is that if it is publically available, people will get a popup saying the Authority is unknown.  We do that here though for internal stuff.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
platinumbayCommented:
Go into IIS and create the request, then go to the Win03 CertServ website (local), and submit the request, you'll get a reply and install the cert.
0
scotto2003Author Commented:
Also, this will be for our Client Website (external),  the site gives them (hospitals) status updates and notes from the accounts we work for them... Do you guys know if HIPAA requires an outside certificate authority...?
0
platinumbayCommented:
Very good point.  I am not a lawyer, and am not terribly familiar with HIPPA, so I would have your company speak with a licensed attorney before you get too far, but I did find the following:

I found this on the HIPPA website:
Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor's office should comply with that request if it can be reasonably accommodated.

So at a minimum you would need to take "reasonable steps".

As far as SSL providers, 128bit is 128bit, but the patient might feel better seeing the Verisign logo on the site.

However, like I said I'm not a lawyer, I'd get their advice.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.