Windows Certificate Authority V.S Commercial Certificate Authority

what's the difference between Windows Certificate Authority and Commercial Certificate Authority?
Windows Certificate Authority is free to use if we have windows 2003 installed, so why people want to pay for Commercial Certificate Authority?
wuitsungAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

2PiFLCommented:
Windows Certificate Authority is you telling people to trust you.  A Commercial Certificate Authority is a "trusted" someone else telling people to trust you.
0
wuitsungAuthor Commented:
Thank you. Would you mind explaining more in detail?
0
brent_caskeyCommented:
The Windows CA is usually used in an orgainization. It is a way that a company can deploy certificates throughout their domain and set that their domain certificate is trusted on the domain computers (usually through group policies.)

In Windows (along with other operating systems), there are a set of commercial certificate authorities that are trusted by default - throughout the world, not only in the one corporate domain. The two that come to mind first are Verisign and Thawte. These two companies will sell you a certificate that you can install on a server, so that when any computer connects, via SSL for example, the certificate will be trusted, and therefore communication will be accepted.

In practice, you use the Windows CA for internal domain communication, between servers and clients.

Commercial certificates are useful for external web pages like your Outlook Web Access site, or a website that takes orders / requires higher security. With OWA and an external facing website, the computer that is connecting is most likely not a part of your domain, and therefore will not trust your certificate by default.

Let me know if you need any further explaination.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

brent_caskeyCommented:
clarification:

With OWA and an external facing website, the computer that is connecting is most likely not a part of your domain, and therefore will not trust your *windows ca / domain* certificate by default.
0
wuitsungAuthor Commented:
Thank you brent_caskey! your explanation is very clear. I tried to use the windows CA and run my OWA. And when I tried to access the page, I had to install it.. what did I install? is it the certificate or the root certificate? and what is the root certificate? And do you mean that if I use commertial CA, when I connecto my OWA, I will not see any prompt, it will just go through automatically? Thank you again.
0
brent_caskeyCommented:
It probably installed the certificate as a trusted cert. onto the local computer you were on.

Here is the step-by-step instructions on how to use an internal certificate:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Here is some more information on external CA / SSL
http://technet.microsoft.com/en-us/library/bb123613(EXCHG.65).aspx
http://www.msexchange.org/tutorials/MF004.html

If you want to use the external cert, you generate a request for a certificate to be processed and send that to the CA you choose.

If you had an external certificate, you would not have to install anything when OWA comes up.

0
wuitsungAuthor Commented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.