
Windows Certificate Authority vs. Commercial Certificate Authority

wuitsung asked
What's the difference between Windows Certificate Authority and Commercial Certificate Authority?
Windows Certificate Authority is free to use if we have Windows 2003 installed, so why do people want to pay for a Commercial Certificate Authority?

Windows Certificate Authority is you telling people to trust you.  A Commercial Certificate Authority is a "trusted" someone else telling people to trust you.


Thank you. Would you mind explaining more in detail?
The Windows CA is usually used in an organization. It is a way that a company can deploy certificates throughout their domain and set that their domain certificate is trusted on the domain computers (usually through group policies).

In Windows (along with other operating systems), there is a set of commercial certificate authorities that are trusted by default - throughout the world, not only in the one corporate domain. The two that come to mind first are Verisign and Thawte. These two companies will sell you a certificate that you can install on a server, so that when any computer connects, via SSL for example, the certificate will be trusted, and therefore communication will be accepted.

In practice, you use the Windows CA for internal domain communication, between servers and clients.

Commercial certificates are useful for external web pages like your Outlook Web Access site, or a website that takes orders / requires higher security. With OWA and an external facing website, the computer that is connecting is most likely not a part of your domain, and therefore will not trust your certificate by default.

Let me know if you need any further explanation.


With OWA and an external facing website, the computer that is connecting is most likely not a part of your domain, and therefore will not trust your *windows ca / domain* certificate by default.


Thank you brent_caskey! Your explanation is very clear. I tried to use the Windows CA and run my OWA. And when I tried to access the page, I had to install it. What did I install? Is it the certificate or the root certificate? And what is the root certificate? And do you mean that if I use a commercial CA, when I connect to my OWA, I will not see any prompt, it will just go through automatically? Thank you again.

It probably installed the certificate as a trusted cert. onto the local computer you were on.

Here are the step-by-step instructions on how to use an internal certificate:

Here is some more information on external CA / SSL

If you want to use the external cert, you generate a request for a certificate to be processed and send that to the CA you choose.

If you had an external certificate, you would not have to install anything when OWA comes up.
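
The trust difference discussed in this thread, as an added example that is not part of the original posts: OpenSSL stands in for a private (internal, Windows-style) CA, and a client accepts the issued certificate only once it has that CA's root certificate. The CA name, host name and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a private CA issues a server certificate; verification
# succeeds only for a client that has been given the CA's root certificate.
# All names below are constructed.

# issue_internal_cert DIR: create a private root CA and a server cert signed by it.
issue_internal_cert() {
    dir=$1
    # Self-signed root certificate: the private CA vouching for itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" >/dev/null 2>&1 || return 1
    # Server key and certificate request (what you would send to a CA).
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=owa.example.internal" \
        -keyout "$dir/owa.key" -out "$dir/owa.csr" >/dev/null 2>&1 || return 1
    # The private CA signs the request, producing the server certificate.
    openssl x509 -req -in "$dir/owa.csr" -days 30 \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/owa.crt" >/dev/null 2>&1 || return 1
}

# verifies CERT [ROOT]: succeed if CERT chains to a trusted root.
# Without ROOT only the system's default trust store is used (the outside
# client); with ROOT the private root is trusted as well (the domain client).
verifies() {
    cert=$1
    root=${2:-}
    if [ -n "$root" ]; then
        out=$(openssl verify -CAfile "$root" "$cert" 2>&1)
    else
        out=$(openssl verify "$cert" 2>&1)
    fi
    # Match on the output text; old OpenSSL builds exit 0 even on failure.
    printf '%s\n' "$out" | grep -q ': OK$'
}

demo() {
    dir=$(mktemp -d) || return 1
    issue_internal_cert "$dir" || { rm -rf "$dir"; return 1; }
    if verifies "$dir/owa.crt"; then r=trusted; else r="not trusted"; fi
    echo "client without the internal root: $r"
    if verifies "$dir/owa.crt" "$dir/root.crt"; then r=trusted; else r="not trusted"; fi
    echo "client with the internal root installed: $r"
    rm -rf "$dir"
}
demo
```

A certificate bought from a commercial CA passes the first check on any client because that CA's root already ships in the default trust store.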
