Q. I have an internal public key infrastructure and I want the certificates I generate to be trusted by the Internet. How do I do this?

A. There's a chain of trust related to certificates. Most computers have a preconfigured list of trusted Certificate Authorities (CAs), which on Windows you can view using the Certificates MMC snap-in. Look at the Local Computer store under Trusted Root Certification Authorities.

Trusted Certificate Authorities

Within an organization, it's common to add the internal CA to the list of trusted root CAs for the organization's computers, so that all organization-owned computers trust certificates issued by the internal CA. If you want computers outside of your organization to trust the certificates you generate, you'll need to have your internal CA issued a certificate by one of the trusted root CAs, such as GlobalSign. These certificates aren't typically cheap, however. You have to decide if it's cheaper to buy individual certificates from the external CA for services external to your organization.
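To see which root a given certificate actually chains to on a particular computer, you can build the chain from PowerShell. This is an added example, not part of the original answer; the file path `C:\temp\server.cer` is a placeholder for a certificate issued by your internal CA, and revocation checking is turned off so the result reflects only the trust chain.

```powershell
# Placeholder path (assumption): a certificate issued by your internal CA.
$certPath = 'C:\temp\server.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# Build the chain in machine context, so only the Local Computer stores are consulted.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain $true
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)

# Show every certificate in the chain, leaf first, root last.
$chain.ChainElements | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Issuer     = $_.Certificate.Issuer
        Thumbprint = $_.Certificate.Thumbprint
    }
} | Format-List

# The last element is the top of the chain this computer could assemble.
$top = $chain.ChainElements | Select-Object -Last 1
$inRootStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $top.Certificate.Thumbprint })

"Chain trusted on this computer: $trusted"
"Top of chain: $($top.Certificate.Subject)"
"Present in Local Computer\Trusted Root Certification Authorities: $inRootStore"

# If the build failed, list why (for example UntrustedRoot or PartialChain).
if (-not $trusted) {
    $chain.ChainStatus | ForEach-Object { "{0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }
}
```

Run it on an organization-owned computer and on one outside the organization: a certificate from an internal CA that hasn't been issued a certificate by a public root builds successfully only where the internal root has been added to the store.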
